Lucene search
GoogleOSV:GHSA-3C48-6PCV-88RMHistoryJul 27, 2018 - 5:05 p.m.
Macro in MathJax running untrusted Javascript within a web browser
2018-07-2717:05:27
Google
osv.dev
9
EPSS
0.001
Percentile
30.2%
MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later.
Related
cve
cve
CVE-2018-1999024
2018-07-23 16:29:00
CVE-2018-1000214
2018-08-20 20:29:00
prion
prion
Cross site scripting
2018-07-23 16:29:00
veracode
veracode
Cross-site Scripting (XSS)
2018-07-24 02:13:28
osv
osv
CVE-2018-1999024
2018-07-23 16:29:00
ubuntucve
ubuntucve
CVE-2018-1999024
2018-07-23 00:00:00
cvelist
cvelist
CVE-2018-1999024
2018-07-23 16:00:00
debiancve
debiancve
CVE-2018-1999024
2018-07-23 16:29:00
github
github
Macro in MathJax running untrusted Javascript within a web browser
2018-07-27 17:05:27
nvd
nvd
CVE-2018-1999024
2018-07-23 16:29:00
CVE-2018-1000214
2018-08-20 20:29:00