5 matches found
CVE-2025-46734
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46734
CVE-2025-46734 affects the PHP Markdown parser league/commonmark, specifically the Attributes extension (versions 1.5.0–2.6.x). The vulnerability allows injection of dangerous HTML attributes via Markdown syntax (e.g., curly braces) that can bypass HTML sanitization settings. Version 2.7.0 mitiga...