8 matches found
EUVD-2019-0649
Malware in sbrugna...
CVE-2018-20583
Cross-site scripting XSS vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML even if allowunsafelinks is false via a newline character e.g., writing javascript as javascri%0apt...
CVE-2019-10010
Cross-site scripting XSS vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583...
CVE-2019-10010
CVE-2019-10010 affects the PHP League CommonMark library (versions up to and including 0.18.2). The vulnerability arises in the renderer when double-encoded HTML entities are not properly escaped, allowing an attacker to craft links that execute unsafe code (XSS). The issue is fixed in 0.18.3, wh...
CVE-2019-10010
Cross-site scripting XSS vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583...
CVE-2018-20583
Cross-site scripting XSS vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML even if allowunsafelinks is false via a newline character e.g., writing javascript as javascri%0apt...
CVE-2018-20583
The PHP League CommonMark library (versions 0.15.6–0.18.x before 0.18.1) is affected by CVE-2018-20583: an XSS flaw that lets remote attackers insert unsafe URLs into HTML via newline-encoded strings (e.g., javascri%0apt), even when allow_unsafe_links is false. Remediation: upgrade to 0.18.1 or l...
CVE-2018-20583
Cross-site scripting XSS vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML even if allowunsafelinks is false via a newline character e.g., writing javascript as javascri%0apt...