CVE-2014-3743

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2014/05/15/2", "name": "http://www.openwall.com/lists/oss-security/2014/05/15/2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities", "name": "https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2014/05/13/1", "name": "http://www.openwall.com/lists/oss-security/2014/05/13/1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3743", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2020-01-06T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.3.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-01-13T18:52Z"}