GHSA-929m-phjg-qwcc: Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS

April 1, 2025 (updated April 2, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-qwj6-q94f-8425. This link is maintained to preserve external references.

Original Description

Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.

References

github.com/advisories/GHSA-929m-phjg-qwcc
github.com/advisories/GHSA-qwj6-q94f-8425
github.com/arnog/mathlive/commit/abc26056fd5e29a99edfa96a0bbe855ea2a8b678
nvd.nist.gov/vuln/detail/CVE-2025-29049

Code Behaviors & Features

Detect and mitigate GHSA-929m-phjg-qwcc with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →