Lucene search
Sophie AlpertNODEJS:319HistoryMar 08, 2017 - 11:27 p.m.
XSS in Data URI
2017-03-0823:27:07
Sophie Alpert
www.npmjs.com
35
0.001 Low
EPSS
Percentile
30.8%
Overview
Affected versions of remarkable are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data: URIs in links, and can therefore execute javascript.
Proof of Concept
[link](data:text/html,<script>alert('0')</script>)
Recommendation
Update to v1.7.0 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| remarkable | le | 1.6.2 |
Related
osv
osv
XSS in Data URI in remarkable
2018-11-09 17:48:20
CVE-2017-16006
2018-06-04 19:29:00
prion
prion
Design/Logic Flaw
2018-06-04 19:29:00
cvelist
cvelist
CVE-2017-16006
2018-04-26 00:00:00
nvd
nvd
CVE-2017-16006
2018-06-04 19:29:00
cve
cve
CVE-2017-16006
2018-06-04 19:29:00
github
github
XSS in Data URI in remarkable
2018-11-09 17:48:20