4 matches found
CVE-2019-12041
Affected software: remarkable 1.7.1, with vulnerable code in lib/common/html_re.js. The CVE describes a Regular Expression Denial of Service (ReDoS) via a CDATA section in that file. The vulnerability could allow an attacker to craft input inside the CDATA tag that drives the regex engine to high...
CVE-2017-16006
The CVE-2017-16006 issue affects remarkable before or equal to v1.6.2, where data: URIs in links can trigger JavaScript execution, enabling cross-site scripting. Impact is client-side, subject to whether the environment allows data: URI handling. Affected component: remarkable’s markdown parser; ...
CVE-2014-10065
The CVE-2014-10065 entry concerns the remarkable Markdown parser. Affected: versions before 1.4.1. Root cause: input handling failed to properly restrict link protocols, permitting javascript: URLs to be injected into rendered content (XSS). Impact/notes: enables cross-site scripting via crafted ...
CVE-2019-12043
CVE-2019-12043 affects remarkable 1.7.1. The vulnerability is in lib/parser_inline.js, where URL filtering is mishandled, allowing cross-site scripting via unprintable characters (demonstrated by a \x0ejavascript: URL). Documents in Red Hat, GHSA and OSV/EUVD Veracode references confirm the XSS i...