Description
This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
Published: 2022-07-25
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-6435 This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.
Github GHSA Github GHSA GHSA-wfvx-fx73-3rfj markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
History

No history.

Subscriptions

Markdown-it-toc Project Markdown-it-toc
cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published:

Updated: 2024-09-16T23:01:17.912Z

Reserved: 2020-11-12T00:00:00.000Z

Link: CVE-2020-28455

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-07-25T14:15:09.713

Modified: 2026-06-17T03:10:29.030

Link: CVE-2020-28455

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses