Cross-site Scripting in remarkable
Moderate severity
GitHub Reviewed
Published by the National Vulnerability Database: May 13, 2019
Reviewed: May 14, 2019
Published to the GitHub Advisory Database: May 29, 2019
Last updated: Sep 8, 2023
Description
In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.
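The class of filter bug described above, as an added example (not remarkable's code and not part of the advisory): a denylist check that relies on trim() beside a check that normalises the URL the way browsers do and then allowlists the scheme. Function names, scheme lists and sample URLs are assumptions constructed for illustration; the hardened check also covers embedded tab and newline characters, which goes beyond the single case the advisory names.

```javascript
// Added example; names and sample URLs are constructed, not remarkable's code.
const BAD_SCHEMES = ['javascript', 'vbscript', 'file', 'data'];
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// Denylist check of the kind the advisory describes failing. trim() removes
// whitespace only, so a leading C0 control such as \x0e stays in front of the
// scheme and the comparison against the denylist misses.
function naiveIsSafe(url) {
  const s = url.trim().toLowerCase();
  const colon = s.indexOf(':');
  return colon === -1 || !BAD_SCHEMES.includes(s.slice(0, colon));
}

// Browsers (WHATWG URL parsing) drop leading/trailing C0 controls and space,
// and remove tab, LF and CR anywhere, before reading the scheme. Do the same.
function normaliseUrl(url) {
  return url
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '')
    .toLowerCase();
}

// Hardened check: normalise first, then allowlist the scheme. Input without a
// parsable scheme is accepted only when it is clearly a relative reference.
function hardenedIsSafe(url) {
  const s = normaliseUrl(url);
  const m = /^([a-z][a-z0-9+.-]*):/.exec(s);
  if (m) return ALLOWED_SCHEMES.includes(m[1]);
  const colon = s.indexOf(':');
  const delim = s.search(/[/?#]/);
  return colon === -1 || (delim !== -1 && delim < colon);
}

// Constructed sample inputs.
const samples = [
  'https://example.com/a',
  'javascript:void(0)',
  '\x0ejavascript:void(0)',
  'java\tscript:void(0)',
  '/docs/page?t=12:30',
];
for (const u of samples) {
  console.log(JSON.stringify(u), 'naive:', naiveIsSafe(u), 'hardened:', hardenedIsSafe(u));
}
```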