Vulnerability Details : CVE-2016-10531
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2016-10531
- cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10531
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10531
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2016-10531
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by:
- nvd@nist.gov (Primary)
- support@hackerone.com (Secondary)
References for CVE-2016-10531
-
https://github.com/chjj/marked/pull/592
XSS with HTML entities by matt- · Pull Request #592 · markedjs/marked · GitHubExploit;Issue Tracking;Third Party Advisory
-
https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523
XSS with HTML entities by matt- · Pull Request #592 · markedjs/marked · GitHubPatch;Third Party Advisory
-
https://nodesecurity.io/advisories/101
npmThird Party Advisory
Jump to