7 matches found
CVE-2019-10010
Cross-site scripting XSS vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583...
Moderate severity vulnerability that affects league/commonmark
CVE-2019-10010 Impact In league/commonmark 0.18.2 and below, malicious users can insert double-encoded HTML entities into their Markdown like this: md XSS This library would correctly unescape the & entity to & during the parsing step. However, the renderer step would fail to properly re-escape t...
GHSA-3V43-877X-QGMQ Moderate severity vulnerability that affects league/commonmark
CVE-2019-10010 Impact In league/commonmark 0.18.2 and below, malicious users can insert double-encoded HTML entities into their Markdown like this: md XSS This library would correctly unescape the & entity to & during the parsing step. However, the renderer step would fail to properly re-escape t...
CVE-2019-10010
Cross-site scripting XSS vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583...
CVE-2019-10010
Cross-site scripting XSS vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583...
CVE-2019-10010
Cross-site scripting XSS vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583...
XSS vulnerability with double-encoded entities
An XSS vulnerability CVE-2019-10010 has been identified in all previous versions of this library 0.18.2 and below. The issue has been fixed in version 0.18.3. All users should upgrade to version 0.18.3 immediately. Additionally, if your application caches the resulting HTML, please purge and/or...