GHSA-929m-phjg-qwcc: XSS
First published: Tue Apr 01 2025(Updated: )
### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwj6-q94f-8425. This link is maintained to preserve external references. ### Original Description Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/mathlive | <0.104.0 | 0.104.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-929m-phjg-qwcc?
GHSA-929m-phjg-qwcc has been classified as a duplicate advisory and does not have a severity rating.
How do I fix GHSA-929m-phjg-qwcc?
To fix GHSA-929m-phjg-qwcc, upgrade to MathLive version 0.104.0 or later.
What is the main issue described in GHSA-929m-phjg-qwcc?
GHSA-929m-phjg-qwcc describes a Cross Site Scripting vulnerability in MathLive versions v0.103.0 and earlier.
Is GHSA-929m-phjg-qwcc still a concern for systems using MathLive?
No, GHSA-929m-phjg-qwcc is no longer a concern if MathLive is updated to version 0.104.0 or later.
What should I do if I can't upgrade MathLive due to other dependencies?
If upgrading MathLive is not possible, consider reviewing your application for potential XSS attack vectors and implement appropriate mitigation strategies.
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-929m-phjg-qwcc
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/source
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/type
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- package-manager/npm