CVE-2016-10531
Description
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL. This flaw exists because &#xNNanything; gets parsed to what it could and leaves the rest behind, resulting in just anything; being left.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
marked 0.3.5 and earlier improperly parse HTML entities, allowing a sanitize bypass to inject javascript: URLs and cause XSS.
Vulnerability
In marked versions before 0.3.6, the unescape function used a regex /(&#[\w]+);/g that matched HTML entity references but did not require a terminating semicolon. This enabled crafted input in which a numeric entity runs straight into other text (the &#xNNanything; form from the description) to be partially parsed into the intended character, with the remainder anything; left behind in the output. When used with sanitize: true, the sanitizer could be bypassed, allowing injection of javascript: URIs into links [1][2].
Exploitation
An attacker needs only the ability to provide markdown input to a marked instance with sanitize: true enabled. No authentication or special network position is required if the service is public. For example, a markdown link whose URL spells javascript: with an HTML entity in place of the colon (and another in place of the opening parenthesis) would be rendered as a valid link: the entities become a colon and an opening parenthesis while the remaining text is left intact, resulting in a javascript: URL that executes when clicked [2][3].
Impact
Successful exploitation results in cross-site scripting (XSS). An attacker can execute arbitrary JavaScript in the context of the victim's browser, leading to session theft, data exfiltration, or other actions on behalf of the user. The user must click on the crafted link for the attack to trigger [2].
Mitigation
Update to marked version 0.3.6 or later, released on September 15, 2015 [2][3]. The fix tightens the regex used for unescaping HTML entities, making the terminating semicolon optional and handling all entity forms properly. No known workarounds exist for earlier versions; switching to a maintained library is recommended for unpatched deployments.
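The mechanics above come down to a decoding differential: the sanitizer decoded entities more strictly than the browser that later rendered the link, so a numeric reference without a terminating semicolon slipped past the scheme check and was only decoded by the browser. The following is an added example written for this page, not marked's own code; its function names, regexes and the crafted href are this example's own approximations of the pre-fix and post-fix behaviour, and the sample inputs are constructed. It places a strict decoder beside a browser-equivalent lenient one and runs the same scheme check over both, which also reproduces the "&#xNNanything; becomes anything;" behaviour from the description.

```javascript
// Added example, not marked's own code: a minimal model of the entity-decoding
// differential behind CVE-2016-10531. Regexes and names are this example's own
// approximations, not the library's.

// Shared entity decoder (the strict/lenient difference lies in the regex only).
// Returns the character for a numeric reference, ':' for the named &colon;
// form, and '' for any other named entity, which this model does not track.
function decodeEntityBody(body) {
  const n = body.toLowerCase();
  if (n === 'colon') return ':';
  if (n.charAt(0) === '#') {
    const code = n.charAt(1) === 'x'
      ? parseInt(n.substring(2), 16)
      : parseInt(n.substring(1), 10);
    return Number.isNaN(code) ? '' : String.fromCharCode(code);
  }
  return '';
}

// Strict decoder: an entity counts only when terminated by ';'. An unterminated
// numeric reference such as &#x3A is left untouched here, even though a browser
// decodes it later (assumed model of the pre-0.3.6 behaviour).
function unescapeStrict(html) {
  return html.replace(/&(#?\w+);/g, (_, body) => decodeEntityBody(body));
}

// Lenient decoder, modelled on the corrected approach: numeric bodies are
// bounded to their digits and the ';' is optional, which is how browsers treat
// numeric character references. Whatever follows the digits is left behind.
function unescapeLenient(html) {
  return html.replace(/&(#\d+|#x[0-9a-f]+|\w+);?/gi, (_, body) => decodeEntityBody(body));
}

// Link-sanitizer check in the style the advisory describes: decode entities,
// strip everything except word characters and ':', then refuse script schemes.
// Returns true when the href may be emitted; a decodeURIComponent failure is
// treated as unsafe.
function isSafeHref(href, unescapeFn) {
  let prot;
  try {
    prot = decodeURIComponent(unescapeFn(href)).replace(/[^\w:]/g, '').toLowerCase();
  } catch (e) {
    return false;
  }
  return !(prot.startsWith('javascript:') || prot.startsWith('vbscript:') || prot.startsWith('data:'));
}

// Constructed sample href: the colon of "javascript:" replaced by an
// unterminated hex entity. The character after the entity must not be a hex
// digit, or the browser would absorb it into the code point as well.
const CRAFTED_HREF = 'javascript&#x3Awindow.alert(1)';

// Summarise the differential for one href: the strict check lets the crafted
// value through, the lenient (browser-equivalent) check blocks it.
function demonstrate(href = CRAFTED_HREF) {
  return {
    strictDecoded: unescapeStrict(href),
    browserSees: unescapeLenient(href),
    strictAllows: isSafeHref(href, unescapeStrict),
    lenientAllows: isSafeHref(href, unescapeLenient),
  };
}

console.log(demonstrate());
```

The design point is that a sanitizer must decode at least as permissively as the consumer of its output; any form the browser accepts but the sanitizer does not is a bypass channel. The lenient regex also bounds a hex body to hex digits, so an entity followed by a hex letter swallows that letter exactly as a browser would, which is why the check has to be made on the decoded string rather than on the raw markdown.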
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| marked (npm) | < 0.3.6 | 0.3.6 |
Affected products
- HackerOne / marked node module, affected range: <=0.3.5
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-vfvf-mqq8-rwqc (GHSA; advisory)
- nvd.nist.gov/vuln/detail/CVE-2016-10531 (GHSA; advisory)
- github.com/chjj/marked/pull/592 (GHSA; x_refsource_MISC; web)
- github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523 (GHSA; x_refsource_MISC; web)
- nodesecurity.io/advisories/101 (MITRE; x_refsource_MISC)
- www.npmjs.com/advisories/101 (GHSA; web)
News mentions
No linked articles in our index yet.