0.001 Low
EPSS
Percentile
40.0%
mathjax is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists through the improper sanitization through the \unicode{} and \class{} mcaros, allowing arbitrary JavaScript to be executed when rendered.
\unicode{}
\class{}
blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html
github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1