PT-2020-21234 · Npm · Markdown-To-Jsx

Published 2020-09-03 · Updated 2020-09-03

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: markdown-to-jsx versions prior to 6.11.4

Description: The issue is related to Cross-Site Scripting due to insufficient input sanitization, allowing the package to render output containing malicious JavaScript. This can be exploited through input of links containing data or VBScript URIs and a base64-encoded payload.

Recommendations: Upgrade to version 6.11.4 or later.
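
For applications that render untrusted Markdown and want a check that does not depend on the library version, the following added example shows a scheme allowlist for link targets. It is not markdown-to-jsx's code or its actual fix; `effectiveScheme`, `safeHref`, `renderLink` and the allowed scheme set are hypothetical names and assumptions, and the sample targets are constructed.

```javascript
// Added example: scheme allowlist for link targets taken from untrusted Markdown.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]); // assumption: tune per app

// Return the scheme a browser would act on, or null for a relative reference.
function effectiveScheme(href) {
  // Browsers ignore leading control characters/spaces and any tab/CR/LF inside a
  // URL. Stripping every control and space character is stricter than needed,
  // which is the safe direction when the result is only used for inspection.
  const compact = String(href).replace(/[\u0000-\u0020\u007f-\u009f]/g, "").toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(compact);
  return m ? m[1] : null;
}

// Hypothetical helper: the href if it is safe to render, otherwise null.
function safeHref(href) {
  const scheme = effectiveScheme(href);
  if (scheme === null) return String(href).trim(); // relative URL, inherits page scheme
  return ALLOWED_SCHEMES.has(scheme) ? String(href).trim() : null;
}

const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Render a link; a rejected target degrades to plain text instead of an anchor.
function renderLink(text, href) {
  const target = safeHref(href);
  return target === null
    ? `<span>${escapeHtml(text)}</span>`
    : `<a href="${escapeHtml(target)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Constructed sample targets (the base64 body decodes to the harmless "<b>x</b>").
const SAMPLES = [
  "https://example.com/docs",
  "/relative/path",
  "data:text/html;base64,PGI+eDwvYj4=",
  "VBScript:placeholder",
  " java\tscript:placeholder",
];

// Pair each sample with whether it would be rendered as a clickable link.
function verdicts() {
  return SAMPLES.map((h) => [h, safeHref(h) !== null]);
}

console.log(verdicts());
```
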

XSS

Related Identifiers

GHSA-CCRP-C664-8P4J

Affected Products

Markdown-To-Jsx