PT-2020-7656 · Marked
Published 2020-01-06 · Updated 2020-08-31
CVE-2014-3743
CVSS v3.1: 6.1 (Medium) · Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Marked module versions prior to 0.3.1
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the language token of GFM code blocks or (2) javascript: URLs. Even when the sanitize: true option is set, marked is vulnerable to content injection in these two locations if untrusted user input is passed into marked and the resulting output is delivered to the browser.
Recommendations
Upgrade to version 0.3.1 or later.
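Both injection points named above are attribute contexts in the rendered HTML: the code-block language lands in a class attribute, and a link destination lands in href. The following is an added example, not marked's own code, showing the defensive pattern a renderer needs there: restrict the language token to a conservative allow-list pattern and HTML-escape it, and reject any link whose parsed scheme is not on a protocol allow-list (decoding numeric entities first, since the browser would decode them in the attribute). The helper names, the allowed-protocol set and the base URL used for resolving relative links are assumptions for this example.

```javascript
// Added example (not marked's own code). Defensive rendering of the two
// contexts named in the advisory: code-block language and link href.

// Assumption: only these link schemes are acceptable in rendered output.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Accept only a short, conservative language identifier; anything else
// (quotes, angle brackets, whitespace) yields no class attribute at all.
function safeLanguageClass(lang) {
  if (typeof lang !== 'string') return '';
  const m = lang.trim().match(/^[A-Za-z0-9_+#.-]{1,32}$/);
  return m ? ` class="language-${escapeHtml(m[0])}"` : '';
}

function renderCodeBlock(code, lang) {
  return `<pre><code${safeLanguageClass(lang)}>${escapeHtml(code)}</code></pre>\n`;
}

// Browsers decode numeric character references inside attribute values, so
// the scheme check must see the decoded string, not the raw markdown text.
function decodeNumericEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Returns an escaped href string, or null when the link must be dropped.
// The WHATWG URL parser strips tabs/newlines and lowercases the scheme, so
// obfuscated variants of a disallowed scheme still resolve to that scheme.
function safeHref(href) {
  if (typeof href !== 'string') return null;
  let decoded;
  let url;
  try {
    decoded = decodeNumericEntities(href);
    // Assumption: a placeholder base so relative links parse as https.
    url = new URL(decoded, 'https://example.invalid/');
  } catch {
    return null; // unparseable URL or invalid code point: reject
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? escapeHtml(decoded) : null;
}

// A rejected link degrades to its plain text rather than an unsafe anchor.
function renderLink(href, text) {
  const safe = safeHref(href);
  const body = escapeHtml(text);
  return safe === null ? body : `<a href="${safe}">${body}</a>`;
}

// Constructed sample inputs exercising both contexts.
function demo() {
  return [
    renderCodeBlock('x = 1', 'js'),
    renderCodeBlock('<b>', '"><script>alert(1)</script>'),
    renderLink('javascript:alert(1)', 'click'),
    renderLink('&#106;avascript:alert(1)', 'click'),
    renderLink('https://example.com/?a=1&b=2', 'go'),
    renderLink('/docs', 'docs'),
  ];
}

module.exports = { escapeHtml, safeLanguageClass, renderCodeBlock, safeHref, renderLink, demo };
```

The language token is handled by refusing rather than escaping unexpected characters, which keeps the class attribute syntactically simple; the href check parses first and compares the normalised scheme, so the same rule covers mixed case, embedded tabs or newlines, leading whitespace and entity-encoded variants without maintaining a denylist of spellings.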
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Marked