3 matches found
@halo-dev/markdown-renderer (>=1.0.0-alpha.11 <=1.0.0-alpha.50), @jx3box/jx3box-bmap (>=0.0.1 <=0.1.15) +119 more potentially affected by CVE-2020-28455 via markdown-it-toc (=1.1.0)
markdown-it-toc NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on markdown-it-toc and may be impacted: - @halo-dev/markdown-renderer =1.0.0-alpha.11, =0.0.1, =1.8.9, =5.4.2, =1.0.3, =0.0.1, =0.1.5, =0.1.0, =0.0.1, =0.1.1, =1.0.6, =0.0....
CVE-2020-28455 Cross-site Scripting (XSS)
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
CVE-2020-28455
markdown-it-toc is vulnerable to Cross-site Scripting (XSS) because the title of the generated table of contents and the contents of headers are not escaped. This affects all versions of the package, enabling injection via the toc/title content. Multiple sources (GHSA, Snyk, Veracode, OSV, CVE li...