CVE-2019-9844: Cross-site Scripting in Simple-markdown

Severity
6.1 MEDIUM (NVD)
EPSS
0.4%
top 41.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 9

Description

simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

Also affects: Fedora 30

🔴 Vulnerability Details

2
GHSA: Cross-Site Scripting in simple-markdown (2019-04-09)
OSV: Cross-Site Scripting in simple-markdown (2019-04-09)

💬 Community

2
Bugzilla: CVE-2019-9844 nodejs-simple-markdown: Cross-site script through the data of a vbscript link [fedora-all] (2019-04-02)
Bugzilla: CVE-2019-9844 nodejs-simple-markdown: Cross-site script through the data of a vbscript link (2019-04-02)