Cross-Site Scripting Vulnerability in markdown-it Plugin by Markdown
CVE-2015-3295
5.3MEDIUM
What is CVE-2015-3295?
The markdown-it library prior to version 4.1.0 is vulnerable to a Cross-Site Scripting (XSS) attack as it fails to properly sanitize 'data:' URLs. This oversight can allow attackers to inject malicious scripts into web applications, potentially compromising user data and security. It is crucial for users of markdown-it to upgrade to the latest version to mitigate this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved