5 matches found
GHSA-5FF8-JCF9-FW62 Cross-Site Scripting in markdown-it-katex
All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation: No fix is currently available. Consider using a...
Cross-Site Scripting in markdown-it-katex
All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation: No fix is currently available. Consider using a...
42-markdown (>=1.0.0 <=1.0.1), @58fe/p5 (>=1.3.1 <=2.4.8) +411 more potentially affected by unknown CVE via markdown-it-katex (>=1.1.0 <=2.0.3)
markdown-it-katex NPM version =1.1.0, =1.0.0, =1.3.1, =2.3.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.14.0, =1.1.7, =1.0.0, =8.30.0-beta.0, =0.0.100, =0.0.5, =0.0.23, =0.0.45 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5FF8-JCF9-FW62...
Cross-site Scripting (XSS)
markdown-it-katex is vulnerable to cross-site scripting. The vulnerability exists in index.js: once the parser returns an error, it returns katex without sanitizing as HTML tags, allowing a malicious user to inject and execute arbitrary web scripts...
Cross-Site Scripting
Overview: All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation: No fix is currently available. Conside...