Cross-site Scripting in markdown-it-highlightjs
Moderate severity
GitHub Reviewed
Published Feb 10, 2022 to the GitHub Advisory Database • Updated Sep 5, 2023
Published by the National Vulnerability Database: Nov 16, 2020
Reviewed: Apr 15, 2021
Published to the GitHub Advisory Database: Feb 10, 2022
Last updated: Sep 5, 2023
Description
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs inline code highlighting feature.
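The pattern behind this kind of bug, next to a hardened form, as an added example that is not code from markdown-it-highlightjs or from the advisory. It assumes the inline lang value is written into the class attribute of the generated code element; all function names are hypothetical, and the sample value is constructed and only adds an inert data attribute.

```javascript
// Added illustration; hypothetical helpers, not markdown-it-highlightjs source.
// Assumption: the inline `lang` value ends up inside a class attribute.

// Escape the characters that can end an attribute value or open a tag.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable pattern: `lang` is interpolated into the markup as-is.
function renderInlineUnsafe(code, lang) {
  return `<code class="language-${lang}">${escapeHtml(code)}</code>`;
}

// Hardened pattern: accept only plain language tokens, and escape anyway
// so the output stays safe if the allowlist is loosened later.
const LANG_TOKEN = /^[A-Za-z0-9_+#.-]{1,32}$/;
function renderInlineSafe(code, lang) {
  const cls = LANG_TOKEN.test(lang)
    ? ` class="language-${escapeHtml(lang)}"`
    : '';
  return `<code${cls}>${escapeHtml(code)}</code>`;
}

// Defender's check: list the attribute names on the first opening tag.
// Anything other than "class" means the value escaped its attribute.
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf('>') + 1);
  return [...openTag.matchAll(/\s([^\s=>"']+)=/g)].map((m) => m[1]);
}

// Constructed sample: a lang value that closes the attribute early.
const sampleLang = 'js" data-injected="1';

console.log(attributeNames(renderInlineUnsafe('x', sampleLang)));
console.log(attributeNames(renderInlineSafe('x', sampleLang)));
console.log(renderInlineSafe('a<b', 'js'));
```

The same `attributeNames` check can be run over rendered output in a regression test after upgrading to 3.3.1 or later.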