CVE-2014-3743

MEDIUM6.1EPSS 0.42%

Multiple Content Injection Vulnerabilities in marked

發布日:2020/8/31修改日:2026/4/28

描述

Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.

受影響套件(2)

Debian/node-markedfrom 0, < 0.3.1+dfsg-1
npm/markedfrom 0, < 0.3.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-1850
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3743
WEBhttps://www.npmjs.com/advisories/22