1185160 – (CVE-2015-1370) CVE-2015-1370 marked: VBScript content injection

Bug 1185160 (CVE-2015-1370) - CVE-2015-1370 marked: VBScript content injection

Summary: CVE-2015-1370 marked: VBScript content injection

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-1370
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1185161 1185162
Blocks:
TreeView+	depends on / blocked

Reported:	2015-01-23 05:52 UTC by Kurt Seifried
Modified:	2021-10-20 10:49 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-10-20 10:49:18 UTC
Embargoed:

Attachments	(Terms of Use)

Description Kurt Seifried 2015-01-23 05:52:28 UTC

Xiao Long reports:

Marked 0.3.2 and earlier is vulnerable to content injection even when sanitize: true is enabled.

[xss link](vbscript:alert(1))

will get a link

<a href="vbscript:alert(1)">xss link

this script does not work in IE 11 edge mode, but works in IE 10 compatibility view.

External references:
https://nodesecurity.io/advisories/marked_vbscript_injection
https://github.com/chjj/marked/issues/492

Comment 1 Kurt Seifried 2015-01-23 05:53:35 UTC

Created marked tracking bugs for this issue:

Affects: fedora-all [bug 1185161]
Affects: epel-all [bug 1185162]

Note You need to log in before you can comment on or make changes to this bug.