GHSA-4r9g-w48q-8jwm: HyperDown vulnerable to Cross-site Scripting
HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds.
Moderate severity GitHub Reviewed Published Oct 26, 2022 • Updated Oct 26, 2022
Related news
CVE-2022-25849: Snyk Vulnerability Database | Snyk
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute very well.
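The kind of href validation the advisory describes as missing, sketched as an added PHP example: this is not HyperDown's code and not a patch for it. The function names `is_safe_href` and `render_link`, the scheme allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not HyperDown code. The scheme allowlist is an assumed policy.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// True when $href is a relative reference or uses an allowlisted scheme.
function is_safe_href(string $href): bool
{
    // Mirror URL parsing: tab/CR/LF are dropped anywhere, and leading
    // C0 controls and spaces are trimmed, before the scheme is read.
    $url = str_replace(["\t", "\r", "\n"], '', $href);
    $url = ltrim($url, "\x00..\x20");
    // Reject any control character that survives normalisation.
    if (preg_match('/[\x00-\x1F\x7F]/', $url) === 1) {
        return false;
    }
    // No scheme prefix: a relative reference, resolved against the page URL.
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m) !== 1) {
        return true;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

// Emit an anchor only for safe targets. Escaping the attribute means the
// browser decodes it back to exactly the string that was validated.
function render_link(string $href, string $text): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $label = htmlspecialchars($text, $flags, 'UTF-8');
    if (!is_safe_href($href)) {
        return $label; // keep the text, drop the link
    }
    return '<a href="' . htmlspecialchars($href, $flags, 'UTF-8') . '">' . $label . '</a>';
}

// Constructed sample inputs, not taken from the advisory.
$samples = [
    'https://example.com/a?b=1&c=2',
    '/docs/readme.md',
    "  java\tscript:void(0)",
    'DATA:text/html,x',
    'https://example.com/" onclick="void(0)',
];
foreach ($samples as $href) {
    echo render_link($href, 'link'), PHP_EOL;
}
```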