Vulnerabilities > CVE-2015-1370 - Unspecified vulnerability in Marked Project Marked

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

marked-project

NVD

Published: 2015-01-27

Updated: 2015-01-28

Summary

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. <a href="http://cwe.mitre.org/data/definitions/184.html">CWE-184: Incomplete Blacklist</a>

Vulnerable Configurations

Part	Description	Count
Application	Marked_Project Marked Project Marked 0.0.1 Marked Project Marked 0.0.2 Marked Project Marked 0.0.3 Marked Project Marked 0.0.4 Marked Project Marked 0.0.5 Marked Project Marked 0.0.6 Marked Project Marked 0.0.7 Marked Project Marked 0.0.8 Marked Project Marked 0.0.9 Marked Project Marked 0.1.0 Marked Project Marked 0.1.1 Marked Project Marked 0.1.2 Marked Project Marked 0.1.3 Marked Project Marked 0.1.4 Marked Project Marked 0.1.5 Marked Project Marked 0.1.6 Marked Project Marked 0.1.7 Marked Project Marked 0.1.8 Marked Project Marked 0.1.9 Marked Project Marked 0.2.0 Marked Project Marked 0.2.1 Marked Project Marked 0.2.2 Marked Project Marked 0.2.2-1 Marked Project Marked 0.2.3 Marked Project Marked 0.2.4 Marked Project Marked 0.2.4-1 Marked Project Marked 0.2.5 Marked Project Marked 0.2.5C Marked Project Marked 0.2.6 Marked Project Marked 0.2.7 Marked Project Marked 0.2.8 Marked Project Marked 0.2.9 Marked Project Marked 0.2.10 Marked Project Marked 0.3.0 Marked Project Marked 0.3.1 Marked Project Marked 0.3.2	70

Summary

Vulnerable Configurations

References