Home > Vulnerability Database > WS-2020-0090

Mend.io Vulnerability Database

WS-2020-0090

Good to know:

Date: May 20, 2020

ngx-md before 6.0.3 is vulnerable to Cross-Site Scripting. Links are not properly restricted to http/https and can contain JavaScript which may lead to arbitrary code execution.

Language: JS

Severity Score

7.4

Related Resources (2)

Url: https://github.com/dimpu/ngx-md/commit/b609cf6904b5b66dfa79e0e274d5dbd7637265b4

Url: https://www.mend.io/vulnerability-database/WS-2020-0090

Severity Score

7.4

Weakness Type (CWE)

Code

CWE-17

Top Fix

Upgrade Version

Upgrade to version ngx-md - 6.0.3

Learn More

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0090

Good to know:

Date: May 20, 2020

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?