Lucene search
GoogleOSV:GHSA-MRMF-QWXG-7C3HHistoryNov 09, 2018 - 5:48 p.m.
XSS in Data URI in remarkable
2018-11-0917:48:20
Google
osv.dev
10
0.001 Low
EPSS
Percentile
30.8%
Affected versions of remarkable are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data: URIs in links, and can therefore execute javascript.
Proof of Concept
[link](data:text/html,<script>alert('0')</script>)
Recommendation
Update to v1.7.0 or later
| CPE | Name | Operator | Version |
|---|---|---|---|
| remarkable | lt | 1.7.0 |
Related
nodejs
nodejs
XSS in Data URI
2017-03-08 23:27:07
prion
prion
Design/Logic Flaw
2018-06-04 19:29:00
cvelist
cvelist
CVE-2017-16006
2018-04-26 00:00:00
nvd
nvd
CVE-2017-16006
2018-06-04 19:29:00
cve
cve
CVE-2017-16006
2018-06-04 19:29:00
osv
osv
CVE-2017-16006
2018-06-04 19:29:00
github
github
XSS in Data URI in remarkable
2018-11-09 17:48:20