19 matches found
Fedora 44 : gum (2026-10cf6ce616)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-10cf6ce616 advisory. Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160. Tenable has extracted the preceding description block directly from the Fedora security advisory...
EUVD-2026-22836
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
GHSA-C97M-VXHJ-P7J6 goldmark vulnerable to Cross-site Scripting (XSS)
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
goldmark vulnerable to Cross-site Scripting (XSS)
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
CVE-2026-5160
A flaw was found in github.com/yuin/goldmark/renderer/html. This Cross-site Scripting XSS vulnerability allows a remote attacker to execute arbitrary scripts in the context of applications that render a malicious URL. The flaw stems from an improper ordering of URL validation and normalization,...
Linux Distros Unpatched Vulnerability : CVE-2026-5160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validati...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
UBUNTU-CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
CVE-2026-5160
Summary: CVE-2026-5160 affects the Go package github.com/yuin/goldmark/renderer/html prior to 1.7.17, where cross-site scripting (XSS) can occur due to the order of URL validation and entity resolution. The renderer checks destinations with IsDangerousURL before HTML entity decoding, allowing an ...
PT-2026-33004
Name of the Vulnerable Software and Affected Versions github.com/yuin/goldmark/renderer/html versions prior to 1.7.17 Description Improper ordering of URL validation and normalization allows Cross-site Scripting XSS. The renderer performs a prefix-based check using the IsDangerousURL function to...
goldmark 安全漏洞
Goldmark is a Markdown parser written in Go language by Yusuke Inuzuka. Versions of Goldmark prior to 1.7.17 contained security vulnerabilities, which were caused by improper URL validation and normalization order. These vulnerabilities could lead to cross-site scripting attacks...
CVE-2026-5160
Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...
CVE-2026-35600
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags,...
CVE-2026-35600
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags,...
FreeBSD : gitea -- quoting in markdown text (1431a25c-8a70-11eb-bd16-0800278d94f0)
The Gitea Team reports for release 1.13.5 : - Update to goldmark 1.3.3 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2021 Jacques Vidrine and contributors Redistribution and use in source VuX...
gitea -- quoting in markdown text
The Gitea Team reports for release 1.13.5: Update to goldmark 1.3.3...