CVE-2025-7969
MEDIUMmarkdown-it 14.1.0 - Cross-Site Scripting in Renderer
Title source: llmDescription
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not consider this issue to be a vulnerability.
References (3)
Core 3
Core References
Exploit, Third Party Advisory third-party-advisory
https://fluidattacks.com/advisories/fito
Issue Tracking
https://github.com/markdown-it/markdown-it/issues/1122
Scores
CVSS v3
6.1
EPSS
0.0023
EPSS Percentile
13.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
markdown-it_project/markdown-it
14.1.0
Published
Aug 21, 2025
Tracked Since
Feb 18, 2026