Cross-site Scripting (XSS)

marked is vulnerable to cross-site scripting XSS attacks. The library does not properly escape URLs when mangling is disabled, allowing a malicious user to inject and execute arbitrary Javascript...