markdown-to-jsx
Summary: Cross-site Scripting (XSS)
Affected versions: *
Severity: 7.3

Overview

org.webjars.npm:markdown-to-jsx is a lightweight, customizable React markdown component.

This package is vulnerable to Cross-site Scripting (XSS). It is possible to circumvent sanitisation and inject script and style tags by writing the tag name in upper case letters, for example: <SCRIPT>alert('hi')</SCRIPT>.
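
The bypass class described above, as an added example that is not markdown-to-jsx source code: a hypothetical tag blocklist that compares names exactly as written, beside a version that lower-cases the name first. The function names, the blocklist and the sample inputs are assumptions constructed for this illustration.

```javascript
// Added illustration: hypothetical tag filter, not code from markdown-to-jsx.
const BLOCKED_TAGS = new Set(["script", "style"]);

// Collect the names of opening HTML tags found in a markdown string.
function openingTagNames(markdown) {
  const names = [];
  const re = /<([A-Za-z][A-Za-z0-9-]*)\b[^>]*>/g;
  let m;
  while ((m = re.exec(markdown)) !== null) names.push(m[1]);
  return names;
}

// Weak check: compares the tag name exactly as the author typed it.
function blockedCaseSensitive(markdown) {
  return openingTagNames(markdown).filter((n) => BLOCKED_TAGS.has(n));
}

// Corrected check: HTML tag names are case-insensitive, so normalise first.
function blockedNormalised(markdown) {
  return openingTagNames(markdown).filter((n) =>
    BLOCKED_TAGS.has(n.toLowerCase())
  );
}

// Constructed sample inputs for a sanitiser regression test.
const SAMPLES = [
  "<script>alert('hi')</script>",
  "<SCRIPT>alert('hi')</SCRIPT>",
  "<Style>body{display:none}</Style>",
  "**bold** and <em>emphasis</em>",
];

// Run both checks over every sample and report where they disagree.
function compare(samples) {
  return samples.map((input) => ({
    input,
    weak: blockedCaseSensitive(input).length > 0,
    fixed: blockedNormalised(input).length > 0,
  }));
}

for (const r of compare(SAMPLES)) {
  const weak = r.weak ? "BLOCK" : "allow";
  const fixed = r.fixed ? "BLOCK" : "allow";
  console.log(`case-sensitive=${weak} normalised=${fixed}  ${r.input}`);
}
```

Rows where the two columns differ are inputs the case-sensitive check lets through. An allowlist of permitted tags, compared after the same normalisation, is more robust than a blocklist.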
