CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/hackmdio/codimd/issues/1263 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T00:49:13.552Z
Reserved: 2019-08-22T00:00:00
Link: CVE-2019-15499

No data.

Status : Modified
Published: 2019-08-23T04:15:11.490
Modified: 2024-11-21T04:28:52.570
Link: CVE-2019-15499

No data.