4 matches found
CVE-2014-3743
Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's...
CVE-2014-3743
Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's. sanitize: true Even if this option is set, marked is vulnerable to...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3743. Reason: This candidate is a duplicate of CVE-2014-3743. Notes: All CVE users should reference CVE-2014-3743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2014-3743
CVE-2014-3743 affects the Node.js Marked module (before 0.3.1). The vulnerability is due to cross-site scripting in two vectors: gfm codeblocks (language) and javascript: URLs, allowing remote attackers to inject arbitrary script/HTML. The OSV and NVD records corroborate XSS in Marked prior to 0....