CVE-2024-21535

CVSS 6.1 · Medium EPSS 0.17% · P38 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-21535

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

markdown-to-jsx 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

markdown-to-jsx是Evan Jacobs个人开发者的一个最轻量级、可定制的 React markdown 组件。 markdown-to-jsx 7.4.0版本之前存在安全漏洞，该漏洞源于输入清理不当。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	markdown-to-jsx	0 ~ 7.4.0	-

II. Public POCs for CVE-2024-21535

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-21535

请登录查看更多情报信息。

Same Patch Batch · n/a · 2024-10-15 · 27 CVEs total

CVE-2024-31955	4.9 MEDIUM	SAMSUNG eMMC 安全漏洞
CVE-2024-49195		Mbed TLS 安全漏洞
CVE-2024-48712		TP-LINK TL-WDR7660 安全漏洞
CVE-2024-48710		TP-LINK TL-WDR7660 安全漏洞
CVE-2024-48779		WonderShare Yitu 安全漏洞
CVE-2024-48411		itsourcecode Online Tours and Travels Management System 安全漏洞
CVE-2024-48781		WonderShare Yitu 安全漏洞
CVE-2024-48713		TP-LINK TL-WDR7660 安全漏洞
CVE-2024-48714		TP-LINK TL-WDR7660 安全漏洞
CVE-2024-48783		Ruijie Networks NBR3000D-E 安全漏洞
CVE-2024-48782		DYCMS 安全漏洞
CVE-2024-44775		KMQTT 安全漏洞
CVE-2024-44337		Markdown 安全漏洞
CVE-2024-48282		PHPGurukul User Registration & Login and User Management System 安全漏洞
CVE-2024-41311		libheif 安全漏洞
CVE-2024-41344		CodeIgniter 安全漏洞
CVE-2024-35584		Open Solutions For Education openSIS 安全漏洞
CVE-2023-31493		ZoneMinder 安全漏洞
CVE-2024-48948		Elliptic 安全漏洞
CVE-2024-48624		Domainmod 安全漏洞

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-79

V. Comments for CVE-2024-21535

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-21535

I. Basic Information for CVE-2024-21535

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-21535

III. Intelligence Information for CVE-2024-21535

Same Patch Batch · n/a · 2024-10-15 · 27 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-21535

Leave a comment