CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-15499

CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/hackmdio/codimd/issues/1263
https://github.com/hackmdio/codimd/issues/1263

Products affected by CVE-2019-15499

Apple » Safari » Version: N/A

cpe:2.3:a:apple:safari:-
Hackmd » Codimd » Version: 1.3.1

cpe:2.3:a:hackmd:codimd:1.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-15499

Products

Pricing

Contact Us