Unrated severityNVD Advisory· Published Aug 21, 2025· Updated Dec 3, 2025
Markdown-it 14.1.0 - Cross-site scripting (XSS)
CVE-2025-7969
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs.
This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not consider this issue to be a vulnerability.
Affected products
2- Range: = 14.1.0
- markdown-it/markdown-itv5Range: 14.1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- fluidattacks.com/advisories/fitomitrethird-party-advisory
News mentions
0No linked articles in our index yet.