Affected versions of remarkable
are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data:
URIs in links, and can therefore execute javascript.
[link](data:text/html,<script>alert('0')</script>)
Update to v1.7.0 or later
CPE | Name | Operator | Version |
---|---|---|---|
remarkable | lt | 1.7.0 |