Lucene search
K
Remarkable ProjectRemarkable

4 matches found

CVE
CVE
added 2019/05/13 12:7 p.m.66 views

CVE-2019-12041

Affected software: remarkable 1.7.1, with vulnerable code in lib/common/html_re.js. The CVE describes a Regular Expression Denial of Service (ReDoS) via a CDATA section in that file. The vulnerability could allow an attacker to craft input inside the CDATA tag that drives the regex engine to high...

7.5CVSS7.3AI score0.01321EPSS
CVE
CVE
added 2018/06/04 7:0 p.m.59 views

CVE-2017-16006

The CVE-2017-16006 issue affects remarkable before or equal to v1.6.2, where data: URIs in links can trigger JavaScript execution, enabling cross-site scripting. Impact is client-side, subject to whether the environment allows data: URI handling. Affected component: remarkable’s markdown parser; ...

6.1CVSS6.3AI score0.00977EPSS
CVE
CVE
added 2018/05/31 8:0 p.m.51 views

CVE-2014-10065

The CVE-2014-10065 entry concerns the remarkable Markdown parser. Affected: versions before 1.4.1. Root cause: input handling failed to properly restrict link protocols, permitting javascript: URLs to be injected into rendered content (XSS). Impact/notes: enables cross-site scripting via crafted ...

6.1CVSS6.2AI score0.00973EPSS
CVE
CVE
added 2019/05/13 1:5 p.m.51 views

CVE-2019-12043

CVE-2019-12043 affects remarkable 1.7.1. The vulnerability is in lib/parser_inline.js, where URL filtering is mishandled, allowing cross-site scripting via unprintable characters (demonstrated by a \x0ejavascript: URL). Documents in Red Hat, GHSA and OSV/EUVD Veracode references confirm the XSS i...

6.1CVSS5.8AI score0.00865EPSS