3 matches found
Cross-Site Scripting in ngx-md
Versions of ngx-md prior to 6.0.3 are vulnerable to Cross-Site Scripting. Links are not properly restricted to http/https and can contain JavaScript which may lead to arbitrary code execution. Markdown input such as Click Me is rendered as a Click Me link that executes JavaScript. Recommendation...
GHSA-XR53-M937-JR9C Cross-Site Scripting in ngx-md
Versions of ngx-md prior to 6.0.3 are vulnerable to Cross-Site Scripting. Links are not properly restricted to http/https and can contain JavaScript which may lead to arbitrary code execution. Markdown input such as Click Me is rendered as a Click Me link that executes JavaScript. Recommendation...
Cross-Site Scripting
Overview Versions of ngx-md prior to 6.0.3 are vulnerable to Cross-Site Scripting. Links are not properly restricted to http/https and can contain JavaScript which may lead to arbitrary code execution. Markdown input such as Click Me is rendered as a Click Me link that executes JavaScript...