{"id":"CVE-2019-9844","details":"simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.","aliases":["GHSA-qj3f-9gmq-fwv5"],"modified":"2026-04-02T02:08:41.963601Z","published":"2019-04-09T02:29:02.163Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFLP3KJVSV5VWMNEBRXLGRVYFXOV5KOG/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZG2I7VH7WLSEUQ77KYP5CRAVFT2RK2U/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5EFW655O3BXZYAPB65XEREXB2DSNSOT/"},{"type":"ADVISORY","url":"https://www.npmjs.com/package/simple-markdown/v/0.4.4"},{"type":"ADVISORY","url":"https://github.com/Khan/simple-markdown/pull/63"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/khan/simple-markdown","events":[{"introduced":"0"},{"fixed":"e8e40487ae9438075b5bb52176182c9bf69b7b34"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.4.4"}]}}],"versions":["0.0.9","0.1.0","0.1.1","0.2.2","0.3.0","0.3.1","0.3.2","0.3.3","0.4.0","0.4.2","0.4.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"30"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9844.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}