CVE-2014-10065

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.

jonschlinkert/remarkable
jonschlinkert/remarkable
Markdown parser, done right. Commonmark support, extensions, syntax plugins, high speed - all in one. Gulp and metalsmith plugins available. Used by Facebook, Docusaurus and many others! Use https://github.com/breakdance/breakdance for HTML-to-markdown conversion. Use https://github.com/jonschlinkert/markdown-toc to generate a table of contents.
GitHubGitHub
5.83K