Incomplete Blacklist Vulnerability in Marked 0.3.2 and Earlier: Remote Cross-Site Scripting (XSS) via vbscript Tag

Incomplete Blacklist Vulnerability in Marked 0.3.2 and Earlier: Remote Cross-Site Scripting (XSS) via vbscript Tag

CVE-2015-1370 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

Learn more about our Web Application Penetration Testing UK.