https://vulnerability.circl.lu/sightings/feed 2026-06-20T13:50:31.701773+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/02c4e581-ea3d-4ca2-8a25-0d40891dc235/export 2026-06-20T13:50:32.112867+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "02c4e581-ea3d-4ca2-8a25-0d40891dc235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7773", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/16341", "content": "\u203c CVE-2020-7773 \u203c\n\nThis affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(\"markdown-it-highlightjs\"); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){.\">js}'); console.log(reuslt_xss);\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-16T14:37:24.000000Z"} 2020-11-16T14:37:24+00:00