VulnerableCode Vulnerability Details - VCID-34a4-7ede-7qfd

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-34a4-7ede-7qfd

Essentials
Severities (16)
References (13)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-34a4-7ede-7qfd
Aliases	CVE-2015-1370 GHSA-cfjh-p3g4-3q2f
Summary	VBScript Content Injection in marked
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2015-1370
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2015-1370
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2015-1370
epss	0.00349	https://api.first.org/data/v1/epss?cve=CVE-2015-1370
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-cfjh-p3g4-3q2f
cvssv3	6.5	https://github.com/chjj/marked/issues/492
generic_textual	MODERATE	https://github.com/chjj/marked/issues/492
generic_textual	MODERATE	https://github.com/evilpacket/marked/commit/3c191144939107c45a7fa11ab6cb88be6694a1ba
generic_textual	MODERATE	https://github.com/markedjs/marked
generic_textual	MODERATE	https://github.com/markedjs/marked/commit/fc372d1c6293267722e33f2719d57cebd67b3da1
generic_textual	MODERATE	https://github.com/markedjs/marked/issues/492
cvssv3	6.5	https://github.com/nodejs/security-wg/blob/main/vuln/npm/24.json
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-1370
generic_textual	MODERATE	https://www.npmjs.com/advisories/24
generic_textual	MODERATE	https://www.npmjs.com/advisories/24/versions
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2015/01/23/2

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2015-1370
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1370
		https://github.com/chjj/marked/issues/492
		https://github.com/evilpacket/marked/commit/3c191144939107c45a7fa11ab6cb88be6694a1ba
		https://github.com/markedjs/marked
		https://github.com/markedjs/marked/commit/fc372d1c6293267722e33f2719d57cebd67b3da1
		https://github.com/markedjs/marked/issues/492
		https://www.npmjs.com/advisories/24
		https://www.npmjs.com/advisories/24/versions
		http://www.openwall.com/lists/oss-security/2015/01/23/2
24		https://github.com/nodejs/security-wg/blob/main/vuln/npm/24.json
CVE-2015-1370		https://nvd.nist.gov/vuln/detail/CVE-2015-1370
GHSA-cfjh-p3g4-3q2f		https://github.com/advisories/GHSA-cfjh-p3g4-3q2f

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.57813
EPSS Score	0.00349
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:23:44.983434+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-cfjh-p3g4-3q2f	38.6.0