Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS05ZzRmLTVycGctNDk0OM4AAYu7

Moderate EPSS: 0.00343% (0.56343 Percentile) EPSS:
Permalink JSON

NodeBB Cross-site Scripting Vulnerability in Markdown Processing

Affected Packages Affected Versions Fixed Versions
npm:nodebb-plugin-markdown
PURL: pkg:npm/nodebb-plugin-markdown
< 5.1.1 5.1.1
4 Dependent packages
224 Dependent repositories
5,891 Downloads last month

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4-1, 0.3.4-2, 0.4.0-1, 0.4.0-2, 0.4.0-3, 0.4.1, 0.4.2, 0.5.0-1, 0.5.0-2, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.7, 0.6.8, 0.6.9, 0.6.10, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 1.0.0, 1.0.1, 1.0.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.16, 4.0.17, 5.0.0, 5.0.1

All unaffected versions

5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 6.0.0, 6.0.1, 6.0.2, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 8.0.0, 8.0.2, 8.0.3, 8.1.0, 8.2.0, 8.2.1, 8.2.2, 8.3.0, 8.3.1, 8.4.0, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.5.0, 8.5.1, 8.6.0, 8.6.1, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.8.0, 8.8.1, 8.8.2, 8.8.3, 8.8.4, 8.8.5, 8.8.6, 8.8.7, 8.8.8, 8.9.0, 8.9.1, 8.9.2, 8.10.0, 8.10.1, 8.10.2, 8.10.3, 8.10.4, 8.11.0, 8.11.1, 8.11.2, 8.12.0, 8.12.1, 8.12.2, 8.12.3, 8.12.4, 8.12.5, 8.12.6, 8.12.7, 8.12.8, 8.12.9, 8.12.10, 8.13.0, 8.13.1, 8.14.0, 8.14.1, 8.14.2, 8.14.3, 8.14.4, 8.14.5, 8.14.6, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.1.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.1.7, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, 12.2.9, 13.0.0, 13.1.0, 13.1.1, 13.1.2, 13.2.0, 13.2.1, 13.2.2
npm:nodebb
PURL: pkg:npm/nodebb
< 0.70 0.70
1 Dependent packages
3 Dependent repositories
549 Downloads last month

Affected Version Ranges

All affected versions

0.4.3, 0.6.1, 0.6.1-dev, 0.7.0, 0.8.2

All unaffected versions

1.4.0

Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.

References:

Identifiers

GHSA-9g4f-5rpg-4948

CVE-2015-3296

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00343

EPSS Percentile: 0.56343

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/NodeBB/NodeBB

Date and time

Published

over 3 years ago

Updated

20 days ago

API

JSON