EPSS
Percentile
64.5%
Versions 0.3.0 and earlier of marked are affected by two cross-site scripting vulnerabilities, even when sanitize: true is set.
marked
sanitize: true
The attack vectors for this vulnerability are GFM Codeblocks and JavaScript URLs.
Upgrade to version 0.3.1 or later.
nvd.nist.gov/vuln/detail/CVE-2014-1850
www.npmjs.com/advisories/22