4 matches found
Cross-Site Scripting in mrk.js
Versions of mrk.js before 2.0.1 are vulnerable to cross-site scripting XSS when markdown is converted to HTML. Recommendation Update to version 2.0.1 or later and use mark.sanitizeURL for any src and href attributes when extending the markdown...
GHSA-HPR5-WP7C-HH5Q Cross-Site Scripting in mrk.js
Versions of mrk.js before 2.0.1 are vulnerable to cross-site scripting XSS when markdown is converted to HTML. Recommendation Update to version 2.0.1 or later and use mark.sanitizeURL for any src and href attributes when extending the markdown...
Cross-Site Scripting
Overview Versions of mrk.js before 2.0.1 are vulnerable to cross-site scripting XSS when markdown is converted to HTML. Recommendation Update to version 2.0.1 or later and use mark.sanitizeURL for any src and href attributes when extending the markdown. References - GitHub PR 3 - GitHub Advisory...
Cross-site Scripting (XSS)
mrk.js is vulnerable to cross-site scripting XSS attacks. The library does not sanitize URL links during markdown parsing, allowing a malicious user to inject and execute arbitrary Javascript...