CVE-2014-3743

MEDIUM6.1EPSS 0.42%

Multiple Content Injection Vulnerabilities in marked

Published: 8/31/2020Modified: 4/28/2026

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.

Affected packages (2)

Debian/node-markedfrom 0, < 0.3.1+dfsg-1
npm/markedfrom 0, < 0.3.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-1850
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3743
WEBhttps://www.npmjs.com/advisories/22