GHSA-6r62-qf74-xpggMediumCVSS 4.8
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the...
🔗 CVE IDs covered (1)
📋 Description
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.