2 matches found
EUVD-2026-41954
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...
Hugo 安全漏洞
Gohugoio Hugo is a framework from the Gohugoio community based on the Go language for rapid generation of static sites. A security vulnerability exists in Hugo versions prior to v0.123.0, which stems from Markdown headers not being escaped in internal rendering hooks...