10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-6409

Malicious code in bioql PyPI...

7.3 CVSS · 6.7 AI score · 0.00234 EPSS
Exploits 1 · References 4
NVD
added 2022/07/25 2:15 p.m. · 10 views

CVE-2020-28459

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link...

7.3 CVSS · 0.00234 EPSS
Exploits 1 · References 1
CVE
added 2022/07/25 2:5 p.m. · 45 views

CVE-2020-28459

CVE-2020-28459 affects all versions of the package markdown-it-decorate. The vulnerability allows an attacker to inject event handlers or use javascript: URLs in links, enabling potential cross-site scripting (XSS). Public documents consistently describe the issue as XSS in markdown-it-decorate w...

7.3 CVSS · 6.4 AI score · 0.00234 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2022/07/25 12:0 a.m. · 1 views

markdown-it-decorate cross-site scripting vulnerability

markdown-it-decorate is used to add attributes, IDs, and classes to Markdown by Rico Sta. Cruz, a personal developer in Australia. A security vulnerability exists in markdown-it-decorate, which can be exploited by an attacker to add the event handler javascript:xxx for links...

7.3 CVSS · 6.8 AI score · 0.00234 EPSS
Exploits 1 · References 2
Veracode
added 2022/07/21 4:9 a.m. · 19 views

Cross-site Scripting (XSS)

markdown-it-decorate is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious scripts via user-provided parameters...

7.3 CVSS · 6.1 AI score · 0.00234 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2022/07/19 2:16 p.m. · 0 views

GHSA-RHF5-2378-3W3W markdown-it-decorate vulnerable to cross-site scripting (XSS)

markdown-it-decorate adds attributes, IDs and classes to Markdown, and the most recent version 1.2.2 was published in 2017. All versions are currently vulnerable to cross-site scripting XSS and there is no fixed version at this time...

6.1 CVSS · 5.7 AI score · 0.00234 EPSS
Exploits 1 · References 4
vulnersOsv
added 2022/07/19 2:16 p.m. · 1 views

@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)

markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: OSV:GHSA-RHF5-2378-3W3W...

7.3 CVSS · 6.7 AI score · 0.00234 EPSS
Exploits 1
Positive Technologies
added 2022/07/19 12:0 a.m. · 2 views

PT-2022-8902 · Npm · Markdown-It-Decorate

Name of the Vulnerable Software and Affected Versions: markdown-it-decorate versions prior to a fixed version no fixed version available Description: The issue affects the markdown-it-decorate package, allowing an attacker to add an event handler or use javascript:xxx for the link, potentially...

7.3 CVSS · 6.2 AI score · 0.00234 EPSS
Exploits 1 · References 6
Snyk
added 2020/11/24 1:5 p.m. · 3 views

Cross-site Scripting (XSS)

Overview markdown-it-decorate is an Add classes, identifiers and attributes to your markdown with HTML comments Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker can add an event handler or use javascript:xxx for the link. PoC const md = require'markdown-it...

7.3 CVSS · 5.4 AI score · 0.00234 EPSS
Exploits 1 · References 2
vulnersOsv
added 2020/11/24 1:5 p.m. · 0 views

@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)

markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: SNYK:JS-MARKDOWNITDECORATE-1044068...

7.3 CVSS · 6.7 AI score · 0.00234 EPSS
Exploits 1