
WS-2018-0031
Good to know:

Date: March 23, 2018
Versions of the marked package through 0.3.5 are vulnerable to cross-site scripting (XSS) due to a sanitization bypass using HTML entities.
Language: JS
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79

Top Fix

Upgrade Version
Upgrade to version marked - 0.3.6
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |