CVE-2014-10065 — Code Injection in Project Remarkable

CWE-94 — Code Injection CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 52.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Remarkable Project Remarkable Hackerone Remarkable Node Module

Timeline

PublishedMay 31

Latest updateAug 31

Description

Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDremarkable_project/remarkable< 1.4.1

▶npmremarkable_project/remarkable< 1.4.1

▶CVEListV5hackerone/remarkable_node_module<1.4.1

🔴Vulnerability Details

OSV

Content Injection in remarkable↗2020-08-31

▶

GHSA

Content Injection in remarkable↗2020-08-31

▶