Lucene search
K
ThephpleagueCommonmark

4 matches found

CVE
CVE
added 2019/03/24 5:58 p.m.86 views

CVE-2019-10010

CVE-2019-10010 affects the PHP League CommonMark library (versions up to and including 0.18.2). The vulnerability arises in the renderer when double-encoded HTML entities are not properly escaped, allowing an attacker to craft links that execute unsafe code (XSS). The issue is fixed in 0.18.3, wh...

6.1CVSS5.9AI score0.0105EPSS
CVE
CVE
added 2018/12/30 5:0 a.m.69 views

CVE-2018-20583

The PHP League CommonMark library (versions 0.15.6–0.18.x before 0.18.1) is affected by CVE-2018-20583: an XSS flaw that lets remote attackers insert unsafe URLs into HTML via newline-encoded strings (e.g., javascri%0apt), even when allow_unsafe_links is false. Remediation: upgrade to 0.18.1 or l...

6.1CVSS5.9AI score0.01597EPSS
CVE
CVE
added 2026/03/07 4:0 p.m.21 views

CVE-2026-30838

CVE-2026-30838 affects league/commonmark, a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting ASCII whitespace between a disallowed HTML tag name and the closing >, e.g., , enabling a cross-site scripting (XSS) vector for applications tha...

6.1CVSS5.7AI score0.00217EPSS
CVE
CVE
added 2026/03/24 7:26 p.m.16 views

CVE-2026-33347

Summary: CVE-2026-33347 affects league/commonmark’s Embed extension DomainFilteringAdapter. A missing hostname boundary assertion in the domain-matching regex allows an attacker-controlled domain (e.g., youtube.com.evil) to bypass the allowlist, potentially treating untrusted content as allowed. ...

6.3CVSS5.8AI score0.00241EPSS