204 matches found
CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs, enabling potential HTML injection when rendering user-provided content. Affected: markdown-it versions prior to 4.1.0. Root cause: failure to block data: URLs in the rendering process. Impact: authoring or rendering content could lead to uninten...
CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs...
markdown-it and NodeBB HTML Injection Vulnerabilities
markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...
markdown-it and NodeBB HTML injection vulnerability (CNVD-2016-00135)
markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...