CVE-2019-12043

Name of the Vulnerable Software and Affected Versions Remarkable version 1.7.1

Description The issue arises from the mishandling of URL filtering in the lib/parser inline.js file, allowing attackers to trigger XSS via unprintable characters. This can be demonstrated by a x0ejavascript: URL, which showcases the vulnerability.

Recommendations For version 1.7.1, consider disabling the URL filtering functionality in lib/parser inline.js until a patch is available to prevent exploitation. Restrict access to URLs that may contain unprintable characters to minimize the risk of XSS attacks.