Simple Markdown
1 CVEs
product
Monthly
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Simple Markdown
Fedora
NVD
GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-9844
npm
EPSS 1%
CVSS 6.1
MEDIUM
PATCH
This Month
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Simple Markdown
Fedora
NVD
GitHub