2 matches found
@boyuai/fe-base (>=0.37.0 <=0.42.6), @boyuai/markdown (>=0.1.0 <=0.6.0) +29 more potentially affected by unknown CVE via markdown-it-texmath (>=0.4.7 <=0.8.0)
markdown-it-texmath NPM version =0.4.7, =0.37.0, =0.1.0, =0.1.1, =0.2.1, =0.0.1, =0.0.7, =1.0.0, =2.15.3-alpha.0, =1.1.0, =0.1.0, =0.1.0, =0.6.0, =1.3.5 - @navanjr/vuetify-markdown-editor =1.0.0 - @suehok/vuetify-markdown-editor =3.3.4 and more Source cves: unknown CVE Source advisory:...
Cross-site Scripting (XSS)
Overview: markdown-it-texmath is a package that adds TeX math equations to your Markdown documents rendered by the markdown-it parser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Within texmath.js, it is possible to bypass the current validation and inject JavaScript within ma...