Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2015-1370
Last Modified: 28 Jan 2015 02:39:15
Published: 27 Jan 2015 03:04:27
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2015-1370

Summary

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

Vulnerable Systems

Application

  • Marked Project Marked 0.3.2


References

MISC - https://nodesecurity.io/advisories/marked_vbscript_injection

MISC - https://github.com/evilpacket/marked/commit/3c191144939107c45a7fa11ab6cb88be6694a1ba

MISC - https://github.com/chjj/marked/issues/492

MLIST - [oss-security] 20150122 CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order


Last Updated: 27 May 2016 11:07:38