What is CVE-2015-1370?

CVE-2015-1370 is a vulnerability in Marked_project Marked. Published 2015-01-27.

Is CVE-2015-1370 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Marked_project Marked

CVE-2015-1370

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

EPSS: 0.003 (57.7th percentile) — read the EPSS interpretation.

Affected products

Marked_project Marked
N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
HotDB-Community/HotDB-Engine

References

secalert@redhat.com (Exploit, x_refsource_MISC)
secalert@redhat.com (Exploit, x_refsource_MISC)
[oss-security] 20150122 CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-1370?: CVE-2015-1370 is a vulnerability in Marked_project Marked. Published 2015-01-27.
Is CVE-2015-1370 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.