Lucene search
JedixakNODEJS:815HistoryApr 17, 2019 - 2:50 p.m.
Cross-Site Scripting
2019-04-1714:50:56
jedixak
www.npmjs.com
5
0.001 Low
EPSS
Percentile
51.1%
Overview
Versions of simple-markdown prior to 0.4.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded payload.
Recommendation
Upgrade to version 0.4.4 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| simple-markdown | lt | 0.4.4 |
Related
nessus
nessus
Fedora 30 : nodejs-simple-markdown (2019-bce274cbf6)
2019-05-02 00:00:00
Fedora 29 : nodejs-simple-markdown (2019-36ce1cb623)
2019-04-15 00:00:00
Fedora 28 : nodejs-simple-markdown (2019-8e7c71f45b)
2019-04-15 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Khanacademy Simple-Markdown
2020-12-01 09:18:58
cve
cve
CVE-2019-9844
2019-04-09 02:29:02
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-simple-markdown-0.4.4-1.fc30
2019-04-09 00:05:08
[SECURITY] Fedora 28 Update: nodejs-simple-markdown-0.4.4-1.fc28
2019-04-13 01:31:32
[SECURITY] Fedora 29 Update: nodejs-simple-markdown-0.4.4-1.fc29
2019-04-13 15:34:52
prion
prion
Cross site scripting
2019-04-09 02:29:00
osv
osv
CVE-2019-9844
2019-04-09 02:29:02
Cross-Site Scripting in simple-markdown
2019-04-09 19:47:29
cvelist
cvelist
CVE-2019-9844
2019-03-15 23:00:00
nvd
nvd
CVE-2019-9844
2019-04-09 02:29:02
openvas
openvas
Fedora Update for nodejs-simple-markdown FEDORA-2019-8e7c71f45b
2019-04-17 00:00:00
Fedora Update for nodejs-simple-markdown FEDORA-2019-36ce1cb623
2019-05-07 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-04-09 07:30:07
github
github
Cross-Site Scripting in simple-markdown
2019-04-09 19:47:29