Advisory #15
TitleQiita::Markdown cross-site scripting via crafted iframe
CVE IDCVE-2021-28796
VendorIncrements Inc.
Affected productQiita::Markdown
Affected versions- 0.32.0
Vulnerability typeCWE-79 (Cross-site Scripting)
DescriptionQiita::Markdown has a vulnerability that allows cross-site scripting via javascript: URL in iframe
StatusFixed in 0.33.0
RecommendationUpdate to 0.33.0 or above