13 matches found
EUVD-2022-0966
Malicious code in bioql PyPI...
@wulechuan/generate-html-via-markdown (>=3.0.0 <=3.0.1), asimplemde (=1.0.0) +22 more potentially affected by CVE-2020-7773 via markdown-it-highlightjs (>=1.1.2 <=3.3.0)
markdown-it-highlightjs NPM version =1.1.2, =3.0.0, =0.7.0, =0.2.2, =1.0.0, =1.0.0, =0.2.0, =0.1.0, =0.0.11, =1.0.0, =0.0.3, =0.6.0, =0.16.0 - norska-cloudinary =0.9.18 and more Source cves: CVE-2020-7773 Source advisory: OSV:GHSA-F246-XRRJ-G8J6...
Cross-site Scripting in markdown-it-highlightjs
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
GHSA-F246-XRRJ-G8J6 Cross-site Scripting in markdown-it-highlightjs
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability
Valeriangalliat Markdown It Highlightjs is a JavaScript code base for web page Markdown highlighting from the individual developer Valeriangalliat. A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
Code injection
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
CVE-2020-7773 Cross-site Scripting (XSS)
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
CVE-2020-7773
This CVE affects the JavaScript package markdown-it-highlightjs before version 3.3.1. The vulnerability stems from the ability to inject malicious JavaScript through the lang value used in the package’s inline code highlighting feature, enabling XSS in affected renderings (example payload shown ...
Cross-site Scripting (XSS)
Overview: markdown-it-highlightjs is a preset to use highlight.js with markdown-it. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const...
@wulechuan/generate-html-via-markdown (>=3.0.0 <=3.0.1), norska (>=0.6.0 <=0.16.0) +3 more potentially affected by CVE-2020-7773 via markdown-it-highlightjs (>=3.0.0 <=3.3.0)
markdown-it-highlightjs NPM version =3.0.0, =3.0.0, =0.6.0, =0.6.0, =0.2.2, =0.2.4 Source cves: CVE-2020-7773 Source advisory: SNYK:JS-MARKDOWNITHIGHLIGHTJS-1040461...
Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability
Valeriangalliat Markdown It Highlightjs is a JavaScript code base for web page Markdown highlighting from the individual developer Valeriangalliat. A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...