Vulnerability Database

296,702

Total vulnerabilities in the database

Cross-Site Scripting in marked

Versions 0.3.7 and earlier of marked unescape only lowercase while owsers support both lowercase and uppercase x in hexadecimal form of HTML character entity

Published: Feb 25, 2021
Updated: Apr 14, 2023
GHSA: GHSA-8wp3-cp9v-44fm
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
marked	-	0.3.9

https://github.com/markedjs/marked/commit/6d1901ff71abb83aa32ca9a5ce47471382ea42a9
https://github.com/markedjs/marked/issues/925

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo