CVE-2025-7969

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs.

This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not consider this issue to be a vulnerability.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
Fluid AttacksCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Debian logo
Debian Releases
Debian Product
Codename
node-markdown-it
bullseye
unimportant
forky
unimportant
sid
unimportant
bookworm
unimportant
trixie
unimportant
Common Weakness Enumeration
References
https://fluidattacks.com/advisories/fito
https://github.com/markdown-it/markdown-it
https://github.com/markdown-it/markdown-it/issues/1122
https://fluidattacks.com/advisories/fito