CVE-2024-34449

Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...

CVE-2021-39199

remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default was never safe and had to be opted into. That is, user input was not sanitized. This means arbitra...

CVE-2014-3743

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's. sanitize: true Even if this option is set, marked is vulnerable to...

UBUNTU-CVE-2014-3743

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's. sanitize: true Even if this option is set, marked is vulnerable to...