10 matches found
CVE-2026-59710
A flaw was found in Showdown. This vulnerability, a stored cross-site scripting XSS issue, allows an attacker to inject malicious code into web pages. By exploiting unescaped table header ID attributes in markdown, an attacker can embed arbitrary HTML and script-executing elements. When untrusted...
CVE-2026-59710
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...
CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...
20mk-utils (>=1.0.0 <=1.0.3), 2d-spirograph (>=1.0.2 <=1.0.4) +2122 more potentially affected by CVE-2024-1899 via showdown (>=0.0.1 <=2.1.0)
showdown NPM version =0.0.1, =1.0.0, =1.0.2, =2.0.4, =1.0.6, =0.1.4, =0.1.4, =0.1.4, =13.351.0, =13.351.0, =7.10.0, =7.10.0, =0.0.3, =0.5.0 - @adalink/spark-chat =1.0.0 and more Source cves: CVE-2024-1899 Source advisory: OSV:GHSA-RMMH-P597-PPVV...
Showdown Security Vulnerability
Showdown is ShowdownJS open source a JavaScript Markdown to HTML converter . A security vulnerability exists in Showdown version 2.1.0 and earlier versions. A remote attacker could exploit this vulnerability to cause a system denial of service...
org.webjars.bower:ng-swagger-ui (=0.0.4) potentially affected by CVE-2024-1899 via org.webjars.bower:showdown (=1.7.6)
org.webjars.bower:showdown MAVEN version =1.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bower:showdown and may be impacted: - org.webjars.bower:ng-swagger-ui =0.0.4 Source cves: CVE-2024-1899 Source advisory:...
org.webjars:angular-markdown-directive (=0.3.0) potentially affected by CVE-2024-1899 via org.webjars:showdown (=0.3.1)
org.webjars:showdown MAVEN version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:showdown and may be impacted: - org.webjars:angular-markdown-directive =0.3.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARS-8685134...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the anchors subparser in anchors.js AKA links.js. PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details Denial...
com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0), org.webjars.npm:github-com-showdownjs-ng-showdown (=1.1.0) +3 more potentially affected by CVE-2024-1899 via org.webjars.npm:showdown (>=1.9.1 <=2.1.0)
org.webjars.npm:showdown MAVEN version =1.9.1, =2.0.0, =1.0.2, =1.0.3 - org.webjars.npm:showdown-prism =0.2.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-8685132...
@ambers/helios (>=0.10.0 <=0.13.5), @cloudmosaic/quickstarts (>=1.0.0-rc.0 <=1.0.0-rc.1) +180 more potentially affected by unknown CVE via showdown (>=0.0.1 <=1.9.0)
showdown NPM version =0.0.1, =0.10.0, =1.0.0-rc.0, =1.0.0, =1.0.0-alpha.1, =2.0.0, =0.4.0, =1.6.3, =5.2.1, =0.0.11, =0.0.9, =0.0.2, =1.0.0, =1.0.1, =2.4.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H6MQ-3CJ6-H738...