CVE-2018-1999024
CVE-2018-1999024 is a vulnerability of currently unknown severity. MathJax versions prior to 2.7.4 contain a cross-site scripting (XSS) vulnerability in the \unicode{} macro that can result in potentially untrusted JavaScript running within a web browser. The attack appears to be exploitable when the victim views a page where untrusted content is processed using MathJax. EPSS estimates a 1.25% chance of exploitation in the next 30 days.
Description
MathJax versions prior to 2.7.4 contain a cross-site scripting (XSS) vulnerability in the \unicode{} macro that can result in potentially untrusted JavaScript running within a web browser. The attack appears to be exploitable when the victim views a page where untrusted content is processed using MathJax. The vulnerability appears to have been fixed in 2.7.4 and later.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mathjax | Mathjax | < 2.7.4 |
References
- https://blog.bentkowski.info/2018/06/xss-in-google-colaboratory-csp-bypass.html (Exploit, Third Party Advisory)
- https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1 (Patch, Third Party Advisory)
Source: NVD / NIST
