Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) GFM code blocks (language) or (2) JavaScript URLs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marked Project | Marked | < 0.3.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2014/05/13/1 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2014/05/15/2 (Mailing List, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743 (Issue Tracking, Third Party Advisory)
- https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabili (Broken Link)
FAQ
What is CVE-2014-3743?
CVE-2014-3743 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblock...
How severe is CVE-2014-3743?
CVE-2014-3743 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-3743?
Check the references section above for vendor advisories and patch information. Affected products include: Marked Project Marked.