204 matches found
CVE-2020-7773
This CVE affects the JavaScript package markdown-it-highlightjs before version 3.3.1. The vulnerability stems from the ability to inject malicious JavaScript through the lang value used in the package’s inline code highlighting feature, enabling XSS in affected renderings (example payload shown ...
@decentralized-identity/sidetree (>=0.10.0-unstable.2b529f0 <=1.0.1-unstable.8507092), spec-up (>=0.9.0 <=0.10.1) +2 more potentially affected by unknown CVE via markdown-it-prism (>=2.0.3 <=2.1.2)
markdown-it-prism NPM version =2.0.3, =0.10.0-unstable.2b529f0, =0.9.0, =1.1.11, =0.10.1, =0.11.1-preview.1 Source cves: unknown CVE Source advisory: SNYK:JS-MARKDOWNITPRISM-1040462...
Cross-site Scripting (XSS)
Overview markdown-it-prism is a The plugin will insert the necessary markup into all code blocks. Include one of Prism’s stylesheets in your HTML to get highlighted code. Affected versions of this package are vulnerable to Cross-site Scripting XSS. It is possible to insert malicious JavaScript as...
Cross-site Scripting (XSS)
Overview markdown-it-highlightjs is a preset to use highlight.js with markdown-it. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs inline code highlighting feature. const...
@wulechuan/generate-html-via-markdown (>=3.0.0 <=3.0.1), norska (>=0.6.0 <=0.16.0) +3 more potentially affected by CVE-2020-7773 via markdown-it-highlightjs (>=3.0.0 <=3.3.0)
markdown-it-highlightjs NPM version =3.0.0, =3.0.0, =0.6.0, =0.6.0, =0.2.2, =0.2.4 Source cves: CVE-2020-7773 Source advisory: SNYK:JS-MARKDOWNITHIGHLIGHTJS-1040461...
Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability
Valeriangalliat Markdown It Highlightjs is a JavaScript code base by individual developer Valeriangalliat for Markdown highlighting on web pages. A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...
Cross-site Scripting (XSS)
markdown-it-prism is vulnerable to cross-site scripting (XSS). The library does not properly escape the langToUse variable, allowing a malicious user to inject and execute arbitrary JavaScript code...
GHSA-5FF8-JCF9-FW62 Cross-Site Scripting in markdown-it-katex
All versions of markdown-it-katex are vulnerable to Cross-Site Scripting XSS. The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation No fix is currently available. Consider using a...
42-markdown (>=1.0.0 <=1.0.1), @58fe/p5 (>=1.3.1 <=2.4.8) +409 more potentially affected by unknown CVE via markdown-it-katex (>=1.1.0 <=2.0.3)
markdown-it-katex NPM version =1.1.0, =1.0.0, =1.3.1, =2.3.0, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.14.0, =1.1.7, =1.0.0, =8.30.0-beta.0, =0.0.100, =0.0.5, =0.0.23, =0.0.45 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5FF8-JCF9-FW62...
Cross-Site Scripting in markdown-it-katex
All versions of markdown-it-katex are vulnerable to Cross-Site Scripting XSS. The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation No fix is currently available. Consider using a...
@aconex/styleguide (>=2.0.1 <=2.2.0), alinex-report (>=1.0.2 <=1.3.14) potentially affected by unknown CVE via markdown-it-toc-and-anchor (>=2.0.0 <=4.1.2)
markdown-it-toc-and-anchor NPM version =2.0.0, =2.0.1, =1.0.2, =1.3.14 Source cves: unknown CVE Source advisory: OSV:GHSA-X6M6-5HRF-FH6R...
Denial of Service in markdown-it-toc-and-anchor
All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
GHSA-X6M6-5HRF-FH6R Denial of Service in markdown-it-toc-and-anchor
All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Cross-site Scripting (XSS)
markdown-it-katex is vulnerable to cross-site scripting. The vulnerability exists in index.js: once the parser returns an error, it returns katex without sanitizing HTML tags, allowing a malicious user to inject and execute arbitrary web scripts...
Cross-Site Scripting
Overview All versions of markdown-it-katex are vulnerable to Cross-Site Scripting XSS. The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation No fix is currently available. Conside...
Denial Of Service (DoS)
markdown-it is vulnerable to denial of service. The parsing of a malicious string such as multiple results in quadratic processing time, which could potentially be abused to cause a denial of service condition in the application...
Denial of Service
Overview: All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs...
CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs...
DEBIAN-CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs...