Date: Fri, 10 Apr 2015 11:29:14 +1000
From: Shubham Shah <>
Subject: CVE request - NodeBB Persistent XSS through Markdown


Could I please get a CVE for a Persistent XSS flaw found in NodeBB versions
< 0.70. The GitHub repository for this project can be found here:

The vulnerability allows for an attacker to insert malicious links within
forum posts and threads - that lead to the execution of attacker-defined
JavaScript on click. This vulnerability not only affects NodeBB but also
affects any project which uses the markdown-it project before 4.1.0.

The commits leading to the fix for this flaw can be found here:

NodeBB -

Markdown-it -

If any more details are required, please let me know.

Thank you,
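
One way to defend a Markdown renderer against the kind of link this message describes, added here as an example and not taken from the NodeBB or markdown-it commits. It assumes the dangerous links are ones whose URL scheme lets the browser run script on click; `ALLOWED_SCHEMES`, `normalizeHref`, `isSafeHref` and `renderLink` are hypothetical names.

```javascript
// Added example: allowlist link schemes before emitting <a href> for user content.
// All names here are hypothetical; this is not markdown-it's or NodeBB's API.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']); // assumed policy

const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// Browsers trim leading/trailing control characters and spaces and drop
// tab/CR/LF anywhere in a URL before parsing it, so the check must do the same.
function normalizeHref(href) {
  return String(href)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// Call this on the final, entity-decoded value that will be written to href.
function isSafeHref(href) {
  const url = normalizeHref(href);
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  if (m) return ALLOWED_SCHEMES.has(m[1].toLowerCase());
  // No well-formed scheme: accept only if no ':' appears before the first
  // '/', '?' or '#', i.e. the value is unambiguously a relative reference.
  const head = url.split(/[\/?#]/, 1)[0];
  return !head.includes(':');
}

// Render a link, or fall back to plain escaped text when the target is rejected.
function renderLink(text, href) {
  if (!isSafeHref(href)) return escapeHtml(text);
  const safe = escapeHtml(normalizeHref(href));
  return `<a href="${safe}" rel="nofollow noopener">${escapeHtml(text)}</a>`;
}

// Constructed sample inputs, as they might arrive from a forum post.
const samples = [
  ['docs', 'https://example.org/docs'],
  ['topic', '/topic/42#post-3'],
  ['click me', 'JavaScript:void(0)'],
  ['click me', ' java\nscript:void(0)'],
  ['click me', 'data:text/html,<b>x</b>'],
];
for (const [text, href] of samples) {
  console.log(JSON.stringify(href), '=>', renderLink(text, href));
}
```

The allowlist fails closed: a scheme the policy does not name is rendered as plain text rather than as a link.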
