3 matches found
CVE-2020-7773
creationtimestamp| type| source ---|---|--- 2020-11-16 14:37:24+00:00| published-proof-of-concept| https://t.me/cibsecurity/16341...
CVE-2020-7773 Cross-site Scripting (XSS)
This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require"markdown-it-highlightjs"; const md = require'markdown-it'; const...
@wulechuan/generate-html-via-markdown (>=3.0.0 <=3.0.1), norska (>=0.6.0 <=0.16.0) +3 more potentially affected by CVE-2020-7773 via markdown-it-highlightjs (>=3.0.0 <=3.3.0)
markdown-it-highlightjs NPM version =3.0.0, =3.0.0, =0.6.0, =0.6.0, =0.2.2, =0.2.4 Source cves: CVE-2020-7773 Source advisory: SNYK:JS-MARKDOWNITHIGHLIGHTJS-1040461...