Remarkable · Remarkable · CVE-2017-16006
Name of the Vulnerable Software and Affected Versions:
remarkable versions 1.6.2 and lower
Description:
The issue allows the use of `data:` URIs in links and can therefore execute javascript, leading to cross-site scripting. This can be exploited using a crafted link, such as "[link](data:text/html,<script>alert('0')</script>)".
Recommendations:
For versions 1.6.2 and lower, update to v1.7.0 or later.