Lucene search
+L

43 matches found

redhatcve
redhatcve
added 2026/07/08 11:1 a.m.5 views

CVE-2026-59710

A flaw was found in Showdown. This vulnerability, a stored cross-site scripting XSS issue, allows an attacker to inject malicious code into web pages. By exploiting unescaped table header ID attributes in markdown, an attacker can embed arbitrary HTML and script-executing elements. When untrusted...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/07/08 4:15 a.m.6 views

CVE-2026-59711

A flaw was found in showdown. This cross-site scripting XSS vulnerability occurs in the metadata title handling when the completeHTMLDocument option is enabled. An attacker can exploit this by injecting unescaped less-than and greater-than characters into markdown frontmatter metadata. This allow...

6.1CVSS6.5AI score0.00187EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/06 9:15 p.m.3 views

CVE-2026-59710

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/06 9:15 p.m.33 views

CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

6.1CVSS0.00198EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/07/06 9:15 p.m.9 views

CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References4
osv
osv
added 2026/07/06 9:15 p.m.4 views

CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References6
cve
cve
added 2026/07/06 9:15 p.m.10 views

CVE-2026-59710

Showdown (the Showdown library) contains a stored XSS flaw in parseHeaders (src/subParsers/makehtml/tables.js) where table header ID attributes are not properly escaped. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in Markdown table headers...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/06 9:0 p.m.37 views

CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...

6.1CVSS0.00187EPSS
Exploits0References3
cve
cve
added 2026/07/06 9:0 p.m.12 views

CVE-2026-59711

CVE-2026-59711 affects the showdown library. A cross-site scripting vulnerability exists in metadata title handling when the completeHTMLDocument option is enabled; unescaped characters in markdown frontmatter metadata are placed into HTML title tags, allowing script execution in the rendered pa...

6.1CVSS6AI score0.00187EPSS
Exploits0References3
osv
osv
added 2026/07/06 9:0 p.m.5 views

CVE-2026-59711 showdown - Cross-Site Scripting via Unescaped Metadata Title in completeHTMLDocument

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...

5.3CVSS6AI score0.00187EPSS
Exploits0References5
akamaiblog
akamaiblog
added 2026/03/12 7:0 p.m.7 views

RSAC 2026: Tag in a Partner for the AI Security Showdown

Legacy security wasn't built for autonomous AI. See how Akamai partners are stepping into the ring to build trust and secure the agentic enterprise...

5.8AI score
Exploits0
vulnersosv
vulnersosv
added 2025/06/04 6:30 p.m.6 views

net.aequologica.neo:geppaequo-tags (>=0.5.3 <=0.6.0), net.aequologica.neo:geppaequo-web (>=0.5.3 <=0.6.0) +4 more potentially affected by CVE-2025-2336 via org.webjars.npm:angular-sanitize (>=1.5.0-beta.0 <=1.8.3)

org.webjars.npm:angular-sanitize MAVEN version =1.5.0-beta.0, =0.5.3, =0.5.3, =0.6.0 - org.webjars.npm:angular-auto-complete =1.7.4 - org.webjars.npm:angular-material-calendar =0.2.14 - org.webjars.npm:angular-schema-form =0.8.13 - org.webjars.npm:github-com-showdownjs-ng-showdown =1.1.0 Source...

4.8CVSS7AI score0.00302EPSS
Exploits0
vulnersosv
vulnersosv
added 2024/02/26 9:31 p.m.6 views

20mk-utils (>=1.0.0 <=1.0.3), 2d-spirograph (>=1.0.2 <=1.0.4) +2122 more potentially affected by CVE-2024-1899 via showdown (>=0.0.1 <=2.1.0)

showdown NPM version =0.0.1, =1.0.0, =1.0.2, =2.0.4, =1.0.6, =0.1.4, =0.1.4, =0.1.4, =13.351.0, =13.351.0, =7.10.0, =7.10.0, =0.0.3, =0.5.0 - @adalink/spark-chat =1.0.0 and more Source cves: CVE-2024-1899 Source advisory: OSV:GHSA-RMMH-P597-PPVV...

5.3CVSS6AI score0.008EPSS
Exploits1
cnnvd
cnnvd
added 2024/02/26 12:0 a.m.7 views

Showdown Security Vulnerability

Showdown is ShowdownJS open source a JavaScript Markdown to HTML converter . A security vulnerability exists in Showdown version 2.1.0 and earlier versions. A remote attacker could exploit this vulnerability to cause a system denial of service...

5.3CVSS6.5AI score0.008EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2024/02/25 10:0 p.m.5 views

org.webjars.bower:ng-swagger-ui (=0.0.4) potentially affected by CVE-2024-1899 via org.webjars.bower:showdown (=1.7.6)

org.webjars.bower:showdown MAVEN version =1.7.6 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bower:showdown and may be impacted: - org.webjars.bower:ng-swagger-ui =0.0.4 Source cves: CVE-2024-1899 Source advisory:...

5.3CVSS6AI score0.008EPSS
Exploits1
vulnersosv
vulnersosv
added 2024/02/25 10:0 p.m.6 views

org.webjars:angular-markdown-directive (=0.3.0) potentially affected by CVE-2024-1899 via org.webjars:showdown (=0.3.1)

org.webjars:showdown MAVEN version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars:showdown and may be impacted: - org.webjars:angular-markdown-directive =0.3.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARS-8685134...

5.3CVSS6AI score0.008EPSS
Exploits1
snyk
snyk
added 2024/02/25 10:0 p.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the anchors subparser in anchors.js AKA links.js. PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details Denial...

6.9CVSS6.6AI score0.008EPSS
Exploits1References2
snyk
snyk
added 2024/02/25 10:0 p.m.5 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.bower:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the anchors subparser in anchors.js AKA links.js. PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details...

6.9CVSS6.6AI score0.008EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2024/02/25 10:0 p.m.6 views

com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0), org.webjars.npm:github-com-showdownjs-ng-showdown (=1.1.0) +3 more potentially affected by CVE-2024-1899 via org.webjars.npm:showdown (>=1.9.1 <=2.1.0)

org.webjars.npm:showdown MAVEN version =1.9.1, =2.0.0, =1.0.2, =1.0.3 - org.webjars.npm:showdown-prism =0.2.0 Source cves: CVE-2024-1899 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-8685132...

5.3CVSS6AI score0.008EPSS
Exploits1
snyk
snyk
added 2024/02/25 10:0 p.m.2 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the anchors subparser in anchors.js AKA links.js. PoC time node -e '/?:^|^\ ??:\n ?.?/g.test"".repeat9999' Details...

6.9CVSS6.6AI score0.008EPSS
Exploits1References2
Rows per page
Query Builder