CVE-2014-10065

CVE-2014-10065

Vendor Hackerone
Product remarkable node module
Weakness CWE-94 · Code injection
Published May 31, 2018
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.

Key dates

02Disclosure timeline

May 31, 2018 CVE published
September 16, 2024 Record updated