PT-2015-5245 · Marked · Marked

Albertshaw

Published: 2015-01-27

Updated: 2017-10-24

CVE-2015-1370

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: marked versions 0.3.2 and earlier

Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. This vulnerability is present even when sanitize:true is set. The attack can be conducted using a link with a vbscript tag, such as [xss link](vbscript:alert(1)), which results in the creation of an <a> tag with the vbscript link.

Recommendations: Update to version 0.3.3 or later. As a temporary workaround, consider avoiding the use of vbscript tags in links until the issue is resolved.
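
The temporary workaround above can be enforced as a check on the Markdown source before it reaches the renderer. The following JavaScript is an added example, not code from marked or from this advisory; the function names (findUnsafeLinks, isSafeHref, linkScheme) and the allowlist of schemes are assumptions, and it covers inline links only.

```javascript
// Added example: pre-render allowlist check for inline Markdown link destinations.
// The allowed schemes are an assumption; adjust them to what your application needs.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

// Turn a numeric character reference into its character, tolerating bad values.
const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');

// Decode the entities that can hide a scheme, e.g. "vbscript&#58;" or "vbscript&colon;".
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCode(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCode(parseInt(d, 10)))
    .replace(/&colon;/gi, ':')
    .replace(/&(tab|newline);/gi, '');
}

// Return the lower-cased URL scheme, or null for a relative URL.
function linkScheme(href) {
  // Whitespace and control characters are dropped so "vb\tscript:" cannot slip through.
  const cleaned = decodeEntities(String(href)).replace(/[\u0000-\u0020\u007f]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// Allow relative URLs and allowlisted schemes; reject everything else (vbscript included).
function isSafeHref(href) {
  const scheme = linkScheme(href);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Scan Markdown source for inline links [text](dest) and return the rejected destinations.
// Reference-style definitions ("[id]: dest") are out of scope here.
function findUnsafeLinks(markdown) {
  const unsafe = [];
  for (const m of markdown.matchAll(/\[[^\]]*\]\(\s*<?([^)]*)/g)) {
    if (!isSafeHref(m[1])) unsafe.push(m[1]);
  }
  return unsafe;
}

// Constructed sample input; the first link is the one quoted in the description.
const SAMPLE = [
  '[xss link](vbscript:alert(1))',
  '[encoded](VBScript&#58;alert(1))',
  '[docs](https://example.com/guide "title: intro")',
  '[relative](/notes/readme.md)',
].join('\n');

console.log(findUnsafeLinks(SAMPLE));
```

An allowlist is used rather than a list of blocked schemes so that a scheme nobody thought to block is still rejected.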

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2015-1370
GHSA-CFJH-P3G4-3Q2F

Affected products

Marked