
4 matches found

OSV
added 2020/09/03 3:45 p.m., 9 views

GHSA-MG69-6J3M-JVGW HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation: This package is no longer maintained. Please upgrade to...

CVSS 7.3, AI score 6.9
Exploits 0, References 3

Github Security Blog
added 2020/09/03 3:45 p.m., 16 views

HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation: This package is no longer maintained. Please upgrade to...

AI score 3.8
Exploits 0, References 4, Affected Software 1

Node.js
added 2020/02/14 10:15 p.m., 11 views

HTML Injection

Overview: All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This...

AI score 7.2
Exploits 0, Affected Software 1

Node.js
added 2020/02/14 10:11 p.m., 13 views

HTML Injection

Overview: All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation: This package is no longer maintained. Please upgra...

AI score 6.7
Exploits 0, Affected Software 1