Total: 3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2017-1000427 | 1 Marked Project | 1 Marked | 2020-05-31 | 4.3 MEDIUM | 6.1 MEDIUM | marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. |
| CVE-2014-3743 | 1 Marked Project | 1 Marked | 2020-01-13 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's. |
| CVE-2016-10531 | 1 Marked Project | 1 Marked | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM | marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left. |
