Content Injection

Module: remarkable

Published: November 13th, 2014

Reported by: Adam Baldwin

CVE-NONE

CWE-

Vulnerable: <1.4.1
Patched: >=1.4.1

Overview

Certain input passed to remarkable bypasses the bad-protocol check that is meant to disallow the javascript: scheme, allowing javascript: URLs to be injected into the rendered content.

Example

[link](<javascript:alert(1)>)

This will be turned into <a href="javascript:alert(1)">link</a>

whereas

[link](javascript:alert(1))

would be rendered as the literal text [link](javascript:alert(1)) because the scheme is rejected by the check.
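The difference between the two outcomes above comes down to ordering: the scheme check runs on the raw destination text, and the angle brackets of the pointy-bracket link form are only stripped afterwards for output. The following is an added example that models that flaw beside the corrected ordering; it is not remarkable's own code, and the protocol list and function names are assumptions.

```javascript
// Constructed protocol deny-list for the example; the real library's list may differ.
const BAD_PROTO_RE = /^(vbscript|javascript|file|data):/i;

// Minimal attribute escaping so the emitted href is well-formed HTML.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
          .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Markdown allows a link destination to be wrapped in angle brackets:
// [text](<dest>). The brackets are syntax, not part of the URL.
function stripPointy(dest) {
  const d = dest.trim();
  return d.startsWith('<') && d.endsWith('>') ? d.slice(1, -1) : d;
}

// Flawed order (models the bug described in this advisory): the scheme check
// sees "<javascript:..." which does not start with a scheme, so it passes;
// the brackets are then removed and a javascript: href is emitted.
function renderLinkVulnerable(text, dest) {
  if (BAD_PROTO_RE.test(dest)) return `[${text}](${dest})`; // rejected: left as literal text
  return `<a href="${escapeAttr(stripPointy(dest))}">${text}</a>`;
}

// Fixed order: normalize the destination first, then check the exact value
// that will be written into the href attribute.
function renderLinkFixed(text, dest) {
  const href = stripPointy(dest);
  if (BAD_PROTO_RE.test(href)) return `[${text}](${dest})`;
  return `<a href="${escapeAttr(href)}">${text}</a>`;
}
```

A check that runs on anything other than the final, normalized value is the general pattern to look for when reviewing URL sanitizers in Markdown renderers.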

Remediation

Upgrade to version 1.4.1 or greater
