Date: Fri, 10 Apr 2015 11:29:14 +1000
From: Shubham Shah <>
Subject: CVE request - NodeBB Persistent XSS through Markdown


Could I please get a CVE for a Persistent XSS flaw found in NodeBB versions
< 0.70. The GitHub repository for this project can be found here:

The vulnerability allows for an attacker to insert malicious links within
forum posts and threads - that lead to the execution of attacker-defined
JavaScript on click. This vulnerability not only affects NodeBB but also
affects any project which uses the markdown-it project before 4.1.0.

The commits leading to the fix for this flaw can be found here:

NodeBB -

Markdown-it -

If any more details are required, please let me know.

Thank you,
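
A defensive check for the class of flaw this request describes, added here as an example; it is not part of the original message and is not NodeBB or markdown-it code. It allow-lists URL schemes on link targets found in rendered post HTML; the scheme list, function names and sample post are assumptions constructed for illustration.

```javascript
'use strict';
// Added example. ALLOWED_SCHEMES, NAMED and all function names are
// assumptions for illustration, not NodeBB or markdown-it identifiers.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);
const NAMED = { colon: ':', tab: '\t', newline: '\n', amp: '&' };

const fromCode = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\ufffd');

// Decode, in a single pass, the entity forms that can hide a scheme inside an
// attribute value. Deliberately lenient (optional ';', any case).
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|(colon|tab|newline|amp));?/gi,
    (_, hex, dec, name) => (name
      ? NAMED[name.toLowerCase()]
      : fromCode(parseInt(hex || dec, hex ? 16 : 10))));
}

// True when the link target is relative or uses an allow-listed scheme.
function isSafeLinkHref(rawHref) {
  // URL parsers drop leading C0 controls/spaces and every tab, CR and LF,
  // so the same normalisation is applied before reading the scheme.
  const href = decodeEntities(String(rawHref))
    .replace(/^[\u0000-\u0020]+/, '')
    .replace(/[\t\r\n]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(href);
  if (!m) return true; // no scheme: path, query or fragment
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Return the raw href of every <a> in rendered HTML that fails the check.
function findUnsafeLinks(html) {
  const re = /<a\b[^>]*?\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const unsafe = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const href = m[1] ?? m[2] ?? m[3];
    if (!isSafeLinkHref(href)) unsafe.push(href);
  }
  return unsafe;
}

// Constructed sample of rendered post HTML (not taken from a real forum).
const samplePost = [
  '<p><a href="https://example.org/docs">docs</a></p>',
  '<p><a href="/topic/1#reply">reply</a></p>',
  '<p><a href="JaVaScRiPt:void(0)">click</a></p>',
  '<p><a href="java&#x09;script:void(0)">click</a></p>',
  '<p><a href="data:text/html,placeholder">click</a></p>',
].join('\n');
console.log(findUnsafeLinks(samplePost));
```

Running `findUnsafeLinks` over stored posts after upgrading is one way to find content saved while a vulnerable renderer was in place.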
