3 matches found
CVE-2017-11594
Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...
CVE-2017-11594
CVE-2017-11594 affects Loomio’s Markdown parser prior to version 1.8.0. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML through non-sanitized Markdown content in new threads or thread comments. The root cause is improper saniti...
CVE-2017-11594
Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...