7 matches found
Fedora 30 : nodejs-simple-markdown (2019-bce274cbf6)
Update to latest upstream release, fix CVE-2019-9844 rhbz1695304, Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 28 : nodejs-simple-markdown (2019-8e7c71f45b)
Update to latest upstream release, fix CVE-2019-9844 rhbz1695304, Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
@anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1), @gorangajic/react-native-markdown (=0.1.1) +22 more potentially affected by CVE-2019-9844 via simple-markdown (>=0.0.9 <=0.4.2)
simple-markdown NPM version =0.0.9, =1.0.3, =1.3.0, =1.0.1, =1.0.4, =2.3.0, =0.1.0, =1.2.0, =2.4.0, =1.2.0, =1.1.0, =1.0.0, =1.10.0 and more Source cves: CVE-2019-9844 Source advisory: OSV:GHSA-QJ3F-9GMQ-FWV5...
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...
CVE-2019-9844
CVE-2019-9844 affects the Node package simple-markdown (Khan Academy’s simple-markdown) up to version 0.4.3. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient input sanitization in links, enabling execution of malicious JavaScript via data: or VBScript: URIs. The issue...
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...