Versions of markdown-to-jsx before 7.4.0 allow Cross-site Scripting (XSS) via the src property. Improper input sanitization enables execution of arbitrary code through an injected iframe element.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Debian CVE | CVE-2024-21535 | 15 Oct 2024 05:15 | – | debiancve |
OSV | Cross site scripting in markdown-to-jsx | 15 Oct 2024 06:30 | – | osv |
OSV | UBUNTU-CVE-2024-21535 | 15 Oct 2024 05:15 | – | osv |
OSV | CVE-2024-21535 | 15 Oct 2024 05:15 | – | osv |
CVE | CVE-2024-21535 | 15 Oct 2024 05:15 | – | cve |
NVD | CVE-2024-21535 | 15 Oct 2024 05:15 | – | nvd |
RedhatCVE | CVE-2024-21535 | 15 Oct 2024 06:26 | – | redhatcve |
Cvelist | CVE-2024-21535 | 15 Oct 2024 05:00 | – | cvelist |
Github Security Blog | Cross site scripting in markdown-to-jsx | 15 Oct 2024 06:30 | – | github |
Fedora | [SECURITY] Fedora 40 Update: python-notebook-7.3.1-1.fc40 | 17 Dec 2024 04:04 | – | fedora |
[
  {
    "cpes": [
      "cpe:2.3:a:markdown-to-jsx:markdown-to-jsx:*:*:*:*:*:*:*:*"
    ],
    "vendor": "markdown-to-jsx",
    "product": "markdown-to-jsx",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "7.4.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]