All errata/sisyphus/ALT-PU-2018-3677-2
ALT-PU-2018-3677-2

Package update mathjax in branch sisyphus

Version2.7.4-alt1_3
Task#214653
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2018-1999024
MEDIUM5.4

MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later.

Published: 2018-07-23Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xMEDIUM 5.4
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References
GHSA-3c48-6pcv-88rm
MEDIUM5.4

Macro in MathJax running untrusted Javascript within a web browser

Published: 2018-07-27Modified: 2023-09-11
CVSS 3.xMEDIUM 5.4
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References