CVE-2018-1999024

Name of the Vulnerable Software and Affected Versions MathJax versions prior to 2.7.4

Description The issue concerns a Cross Site Scripting (XSS) vulnerability in the unicode{} macro. This vulnerability can result in potentially untrusted JavaScript running within a web browser. The attack appears to be exploitable when the victim views a page where untrusted content is processed using MathJax.

Recommendations For MathJax versions prior to 2.7.4, update to version 2.7.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the unicode{} macro until a patch is applied.