2 matches found
cnpmjs.org (>=2.0.0-beta0 <=2.0.0-rc.3), json2html-cli (>=0.0.2 <=0.0.8) +1 more potentially affected by CVE-2014-10065 via remarkable (=1.3.0)
remarkable NPM version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on remarkable and may be impacted: - cnpmjs.org =2.0.0-beta0, =0.0.2, =0.0.8 - koa-markdown =1.0.0 Source cves: CVE-2014-10065 Source advisory: OSV:GHSA-F9VC-Q3HH-QHFV...
CVE-2014-10065
The CVE-2014-10065 entry concerns the remarkable Markdown parser. Affected: versions before 1.4.1. Root cause: input handling failed to properly restrict link protocols, permitting javascript: URLs to be injected into rendered content (XSS). Impact/notes: enables cross-site scripting via crafted ...