Multiple Content Injection Vulnerabilities in marked

Versions 0.3.0 and earlier of marked are affected by two cross-site scripting vulnerabilities, even when sanitize: true is set. The attack vectors for this vulnerability are GFM Codeblocks and JavaScript URLs. Recommendation Upgrade to version 0.3.1 or later...

CVE-2014-3743

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's...

CVE-2014-3743

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's. sanitize: true Even if this option is set, marked is vulnerable to...

UBUNTU-CVE-2014-3743

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's. sanitize: true Even if this option is set, marked is vulnerable to...

CVE-2014-3743

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's...

Multiple Content Injection Vulnerabilities

Overview Versions 0.3.0 and earlier of marked are affected by two cross-site scripting vulnerabilities, even when sanitize: true is set. The attack vectors for this vulnerability are GFM Codeblocks and JavaScript URLs. Recommendation Upgrade to version 0.3.1 or later. References GitHub Advisory...