45 matches found
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...
simple-markdown cross-site scripting vulnerability
simple-markdown is a simple, extensible Markdown-like parser . A cross-site scripting vulnerability exists in simple-markdown.js in Khan Academy simple-markdown versions prior to 0.4.4. The vulnerability can be exploited to conduct cross-site scripting attacks via the data: or vbscript: URI...
CVE-2019-9844
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...
CVE-2019-9844
CVE-2019-9844 affects the Node package simple-markdown (Khan Academy’s simple-markdown) up to version 0.4.3. The vulnerability is a Cross‑Site Scripting (XSS) flaw caused by insufficient input sanitization in links, enabling execution of malicious JavaScript via data: or VBScript: URIs. The issue...