qiita-markdown is vulnerable to cross-site scripting (XSS). The vulnerability exists through the value of port
in url
where it allows strings like javascript://docs.google.com:80/%0d%0aalert(document.domain)
to be executed.
CPE | Name | Operator | Version |
---|---|---|---|
qiita-markdown | le | 0.32.0 |