CVE-2014-3743: Cross-site Scripting in Project Marked

Severity
6.1 MEDIUM (NVD)
EPSS
0.6%
top 30.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 6
Latest update: Aug 31

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) GFM code blocks (language) or (2) javascript URLs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

debian: debian/node-marked < node-marked 0.3.1+dfsg-1 (bookworm)

Vulnerability Details (4)

GHSA: Multiple Content Injection Vulnerabilities in marked (2020-08-31)
OSV: Multiple Content Injection Vulnerabilities in marked (2020-08-31)
OSV: CVE-2014-3743: Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0 (2020-01-06)
OSV: CVE-2014-3743: Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0 (2020-01-06)

Vendor Advisories (1)

Debian: CVE-2014-3743: node-marked - Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before ... (2014)

Community (3)

Bugzilla: CVE-2014-3743 marked: multiple content injection vulnerabilities [fedora-all] (2014-06-17)
Bugzilla: CVE-2014-3743 marked: multiple content injection vulnerabilities [epel-6] (2014-06-17)
Bugzilla: CVE-2014-3743 marked: multiple content injection vulnerabilities (2014-06-17)