6 matches found
Remote Code Execution (RCE)
@github/paste-markdown is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization of the input into innerHTML property when copied from clipboard...
CVE-2021-37700
@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...
CVE-2021-37700 Clipboard-based DOM-XSS
@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...
GHSA-GPFJ-4J6G-C4W9 Clipboard-based DOM-XSS
Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...
Clipboard-based DOM-XSS
Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...
paste-markdown 跨站脚本漏洞
paste-markdown is a paste Markdown object. A cross-site scripting vulnerability exists in paste-markdown versions prior to 0.3.4, which stems from dynamically creating a div if the clipboard data contains the string and copying the clipboard content into its innerHTML attribute without any cleanu...