204 matches found
GHSA-WFVX-FX73-3RFJ markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
CVE-2020-28459
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link...
CVE-2020-28455
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped...
CVE-2020-28459
CVE-2020-28459 affects all versions of the package markdown-it-decorate. The vulnerability allows an attacker to inject event handlers or use javascript: URLs in links, enabling potential cross-site scripting (XSS). Public documents consistently describe the issue as XSS in markdown-it-decorate w...
Security Bulletin: IBM Cloud Pak for Security is vulnerable to Using Components with Known Vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details: CVEID: CVE-2022-21721. DESCRIPTION: Next.js is vulnerable to a denial of service, caused by a...
markdown-it-decorate cross-site scripting vulnerability
markdown-it-decorate is used to add attributes, IDs, and classes to Markdown; it is maintained by Rico Sta. Cruz, an individual developer in Australia. A security vulnerability exists in markdown-it-decorate that allows an attacker to add an event handler or a javascript:xxx URL to links...
PT-2022-8901 · Unknown · Markdown-It-Toc
Name of the Vulnerable Software and Affected Versions: markdown-it-toc (affected versions not specified). Description: The issue affects the generation of the table of contents (toc) in markdown-it-toc, where the title of the generated toc and the contents of the header are not properly...
Cross-site Scripting (XSS)
markdown-it-decorate is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious scripts via user-provided parameters...
@jamen/mdc (>=0.0.0 <=0.0.1), @namgoe/gcmsgen (>=0.0.3 <=0.0.11) +25 more potentially affected by CVE-2020-28459 via markdown-it-decorate (>=1.0.0 <=1.2.2)
markdown-it-decorate NPM version =1.0.0, =0.0.0, =0.0.3, =0.0.1, =0.0.0, =2.3.0, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.1.0, =0.1.0, =0.2.0, =1.0.1, =1.0.1, =1.0.17 and more Source cves: CVE-2020-28459 Source advisory: OSV:GHSA-RHF5-2378-3W3W...
GHSA-RHF5-2378-3W3W markdown-it-decorate vulnerable to cross-site scripting (XSS)
markdown-it-decorate adds attributes, IDs and classes to Markdown; the most recent version, 1.2.2, was published in 2017. All versions are currently vulnerable to cross-site scripting (XSS) and there is no fixed version at this time...
PT-2022-8902 · Npm · Markdown-It-Decorate
Name of the Vulnerable Software and Affected Versions: markdown-it-decorate, all versions (no fixed version available). Description: The issue affects the markdown-it-decorate package, allowing an attacker to add an event handler or use javascript:xxx for the link, potentially...
Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation
Summary: Multiple vulnerabilities may affect IBM Robotic Process Automation. Vulnerability Details: CVEID: CVE-2020-11023. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...
Cross-site Scripting in markdown-it-highlightjs
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as the value of lang in the markdown-it-highlightjs inline code highlighting feature. js: const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it'); const...
@wulechuan/generate-html-via-markdown (>=3.0.0 <=3.0.1), asimplemde (=1.0.0) +22 more potentially affected by CVE-2020-7773 via markdown-it-highlightjs (>=1.1.2 <=3.3.0)
markdown-it-highlightjs NPM version =1.1.2, =3.0.0, =0.7.0, =0.2.2, =1.0.0, =1.0.0, =0.2.0, =0.1.0, =0.0.11, =1.0.0, =0.0.3, =0.6.0, =0.16.0 - norska-cloudinary =0.9.18 and more Source cves: CVE-2020-7773 Source advisory: OSV:GHSA-F246-XRRJ-G8J6...
20ful (>=0.1.0 <=0.2.7), 4xx (=0.0.1) +1739 more potentially affected by CVE-2022-21670 via markdown-it (>=10.0.0 <=12.3.1)
markdown-it NPM version =10.0.0, =0.1.0, =0.11.0, =0.0.2, =3.0.1, =3.0.4, =4.4.0, =4.4.0, =4.2.2, =1.1.0, =4.4.0, =1.3.1, =3.7.1, =0.20.11-20200626053054, =0.20.11-20200626053054, =0.22.3-20211027074636 and more Source cves: CVE-2022-21670 Source advisory: OSV:GHSA-6VFC-QV3F-VR6C...
GHSA-6VFC-QV3F-VR6C Uncontrolled Resource Consumption in markdown-it
Impact: Special patterns with length 50K chars can slow down the parser significantly. js: const md = require('markdown-it'); md.render(`x ${' '.repeat(150000)} x \nx`); Patches: Upgrade to v12.3.2+. Workarounds: No. References: Fix + test sample:...