GHSA-4r9g-w48q-8jwm: HyperDown vulnerable to Cross-site Scripting

HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds.
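
As an added illustration (not code from HyperDown or from the advisory), this is one way a markdown renderer can validate link targets: resolve each href the way a browser would and emit it only if the resulting scheme is on an allowlist. The function names, the scheme list and the placeholder base URL are assumptions made for this example.

```javascript
// Added example: scheme allowlist applied before a renderer emits <a href>.
// Assumed policy; adjust the list to what the site actually needs.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
// Placeholder base so relative links resolve; .invalid is a reserved TLD.
const BASE = "https://base.invalid/";

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// True only if the WHATWG URL parser (the same algorithm browsers use)
// resolves `raw` to an allowed scheme. The parser lowercases the scheme,
// drops tabs and newlines, and trims leading control characters, so
// obfuscated spellings are judged by what the browser would actually load.
function isAllowedHref(raw) {
  let url;
  try {
    url = new URL(raw, BASE);
  } catch {
    return false; // unparseable targets are rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Emit a link only for allowed targets; otherwise fall back to plain text.
// The href is HTML-escaped so it cannot break out of the attribute.
function renderLink(text, rawHref) {
  const label = escapeHtml(text);
  if (!isAllowedHref(rawHref)) return label;
  return `<a href="${escapeHtml(rawHref)}" rel="nofollow noopener">${label}</a>`;
}

// Constructed sample inputs, not taken from the advisory.
const SAMPLES = [
  ["docs", "/docs/page"],
  ["site", "https://example.com/?x=1&y=2"],
  ["mixed case", "JaVaScRiPt:alert(1)"],
  ["embedded tab", "java\tscript:alert(1)"],
  ["quote in target", 'x" onmouseover="y'],
];

function demo() {
  return SAMPLES.map(([text, href]) => renderLink(text, href));
}
```

Checking only for a literal lowercase `javascript:` prefix would miss the mixed-case and embedded-tab samples; parsing first and comparing the resolved scheme does not.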


Moderate severity • GitHub Reviewed • Published Oct 26, 2022 • Updated Oct 26, 2022

Related news

CVE-2022-25849: Snyk Vulnerability Database | Snyk

The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the module that parses markdown does not filter the href attribute very well.