MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later.

No history.

cve-icon MITRE


Assigner: mitre


Updated: 2024-09-16T22:46:40.801Z

Reserved: 2018-07-23T00:00:00Z

Link: CVE-2018-1999024

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-23T16:29:00.320

Modified: 2024-11-21T03:57:04.703

Link: CVE-2018-1999024

cve-icon Redhat

No data.