CVE-2020-28459

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/markdown-it-decorate

Identifiers

GHSA-rhf5-2378-3w3w, CVE-2020-28459

Package Slug

npm/markdown-it-decorate

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.

Affected Versions

All versions up to 1.2.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-07-26

source