VBScript Content Injection

Module: marked

Published: January 22nd, 2015

Reported by: Xiao Long

CVE-2015-1370

CWE-74

Vulnerable: <=0.3.2
Patched: >=0.3.3

Overview

Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even when sanitize:true is set.

Proof of Concept ( IE10 Compatibility Mode Only )

[xss link](vbscript:alert(1&#41;)

will get a link

<a href="vbscript:alert(1)">xss link</a>

Remediation

Update to version 0.3.3 or later.

References

Issue 492