Advisories for Npm/Mathlive package

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwj6-q94f-8425. This link is maintained to preserve external references. Original Description Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.

Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS.

Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS.