5 matches found
GHSA-M7QM-R2R5-F77Q Cross-Site Scripting in react-marked-markdown
All versions of react-marked-markdown are vulnerable to cross-site scripting (XSS) via href attributes. This is exploitable if user input is provided to react-marked-markdown. Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from 'react-marked-markdown'...
@addaps/doca-addaps-theme (>=1.0.1 <=1.0.6), doca-bootstrap-theme (>=0.0.6 <=1.0.0) +11 more potentially affected by unknown CVE via react-marked-markdown (=1.4.6)
react-marked-markdown NPM version =1.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on react-marked-markdown and may be impacted: - @addaps/doca-addaps-theme =1.0.1, =0.0.6, =0.0.1, =0.2.1, =1.0.0, =0.0.1, =1.0.0, =0.1.1, =0.15.1, =0.1.2, =0.2.1 Sour...
Cross-Site Scripting
Overview: All versions of react-marked-markdown are vulnerable to cross-site scripting (XSS) via href attributes. This is exploitable if user input is provided to react-marked-markdown. Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from...
Cross-Site Scripting (XSS)
react-marked-markdown is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not sanitize the href values to XSS-free string...
Node.js third-party modules: The react-marked-markdown module allows XSS injection in href values.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...