Lucene search
GoogleOSV:GHSA-WFVX-FX73-3RFJHistoryJul 26, 2022 - 12:01 a.m.
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
2022-07-2600:01:05
Google
osv.dev
3
vulnerability
markdown-it-toc
xss
header
escaping
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
40.2%
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
Related
veracode
veracode
Cross-site Scripting (XSS)
2022-07-26 07:40:00
cvelist
cvelist
CVE-2020-28455 Cross-site Scripting (XSS)
2022-07-25 14:10:37
github
github
cve
cve
CVE-2020-28455
2022-07-25 14:15:09
prion
prion
Code injection
2022-07-25 14:15:00
nvd
nvd
CVE-2020-28455
2022-07-25 14:15:09
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
40.2%
Related for OSV:GHSA-WFVX-FX73-3RFJ