QwikSec

Security Database

CVE

CWE

Training

CVE-2025-7969

Published: Aug 21, 2025

Modified: Dec 3, 2025

PUBLISHED

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in markdown-it allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/renderer.mjs. This issue affects markdown-it: 14.1.0. NOTE: the Supplier does not consider this issue to be a vulnerability.

Vendor	Product	Versions
markdown-it	markdown-it	affected `14.1.0`

Weaknesses (CWE)

References

https://fluidattacks.com/advisories/fito

third-party-advisory

https://github.com/markdown-it/markdown-it

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.