Moderate severity · GHSA Advisory · Published Jul 25, 2022 · Updated Sep 16, 2024
Cross-site Scripting (XSS)
CVE-2020-28455
Description
This affects all versions of the package markdown-it-toc. The title of the generated TOC and the contents of the header are not escaped.
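The unescaped pattern the description refers to, shown next to a hardened form, as an added example. It is not markdown-it-toc's source: the function names, the `{ slug, text }` heading shape and the sample input are assumptions made for illustration.

```javascript
// Added example; names and data shapes are hypothetical, not the package's API.

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Pattern named in the advisory: TOC title and header text concatenated as-is,
// so any markup an author puts in a heading reaches the page unchanged.
function renderTocUnescaped(title, headings) {
  const items = headings
    .map((h) => `<li><a href="#${h.slug}">${h.text}</a></li>`)
    .join('');
  return `<div class="toc"><h3>${title}</h3><ul>${items}</ul></div>`;
}

// Hardened form: each author-controlled value is encoded for the context it
// lands in (URL fragment, then attribute; element text).
function renderTocEscaped(title, headings) {
  const items = headings
    .map((h) => {
      const href = '#' + encodeURIComponent(h.slug);
      return `<li><a href="${escapeHtml(href)}">${escapeHtml(h.text)}</a></li>`;
    })
    .join('');
  return `<div class="toc"><h3>${escapeHtml(title)}</h3><ul>${items}</ul></div>`;
}

// Constructed sample input: a title and a heading that contain markup characters.
const sampleTitle = 'Contents <b>';
const sampleHeadings = [{ slug: 'a"b', text: '<u>Setup</u>' }];

console.log(renderTocUnescaped(sampleTitle, sampleHeadings));
console.log(renderTocEscaped(sampleTitle, sampleHeadings));
```

Because no patched version is listed, a consumer of the package would need to apply equivalent escaping in a fork or sanitize the rendered HTML after the fact.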
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| markdown-it-toc (npm) | <= 1.1.0 | — |
Affected products: 1
Patches: 0
No patches discovered yet.
References
- github.com/advisories/GHSA-wfvx-fx73-3rfj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-28455 (ghsa, ADVISORY)
- security.snyk.io/vuln/SNYK-JS-MARKDOWNITTOC-1044067 (ghsa, x_refsource_MISC, WEB)