3 matches found
CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...
CVE-2026-59711
CVE-2026-59711 affects the showdown library. A cross-site scripting vulnerability exists in metadata title handling when the completeHTMLDocument option is enabled; unescaped characters in markdown frontmatter metadata are placed into HTML title tags, allowing script execution in the rendered pa...
VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting
VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting Andrea Sindoni - @invictus1306 XSS vulnerability via metadata 1. Introduction Affected Product: VLC 2.2.1 / WEB INTERFACE Vulnerability Type: XSS 2. Vulnerability Description XSS vulnerability via metadata title 3...