3 matches found
CVE-2020-28459 Cross-site Scripting (XSS)
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link...
@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)
markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: OSV:GHSA-RHF5-2378-3W3W...
@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)
markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: SNYK:JS-MARKDOWNITDECORATE-1044068...