CVE 6.9 MEDIUM

Markdown-it 14.1.0 – Cross-site scripting (XSS)_CVE-2025-7969

August 21, 2025 invoker category_cve
6.9 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs.

This issue affects markdown-it: 14.1.0.

Basic Information

ID CVE-2025-7969
Source Fluid Attacks
Published Aug 21, 2025 at 16:40
Modified Aug 21, 2025 at 17:31

Affected Product

Vendor markdown-it
Product markdown-it
Version 14.1.0
Affected Versions markdown-it markdown-it 14.1.0

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.