VBScript Content Injection

Module: marked

Published: January 22nd, 2015

Reported by: Xiao Long

CVE-2015-1370

CWE-74

Vulnerable: <=0.3.2
Patched: >=0.3.3

Overview

Marked 0.3.2 and earlier is vulnerable to content injection even when sanitize: true is enabled.

[xss link](vbscript:alert(1&#41;)

will get a link

<a href="vbscript:alert(1)">xss link</a>

this script does not work in IE 11 edge mode, but works in IE 10 compatibility view.

Remediation

Update to version 0.3.3 or greater.

References

Sign up FREE for
nsp Continuous Security

Free for open source and the first private repo,
then just $1/mo per private repo