PT-2020-21344 · Mrk.Js · Mrk.Js

Published

2020-09-01

·

Updated

2020-09-01

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions mrk.js versions prior to 2.0.1
Description The issue concerns cross-site scripting (XSS) that occurs when markdown is converted to HTML.
Recommendations Update to version 2.0.1 or later and use mark.sanitizeURL() for any src and href attributes when extending the markdown.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-HPR5-WP7C-HH5Q

Affected Products

Mrk.Js