CVE-2015-1370: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 27, 2015 (updated January 28, 2015)

Incomplete block list vulnerability in marked for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

References

nvd.nist.gov/vuln/detail/CVE-2015-1370

Detect and mitigate CVE-2015-1370 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →