Lucene search
Veracode Vulnerability DatabaseVERACODE:13499HistoryMar 25, 2019 - 5:30 a.m.
Cross-Site Scripting (XSS)
2019-03-2505:30:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.001
Percentile
43.8%
league/commonmark is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via unsafe links using double-encoded HTML entities to steal session tokens or perform unwanted actions on behalf of the user.
Related
osv
osv
Moderate severity vulnerability that affects league/commonmark
2019-09-17 22:47:47
CVE-2019-10010
2019-03-24 18:29:00
friendsofphp
friendsofphp
XSS vulnerability with double-encoded entities
2019-03-21 22:52:50
github
github
Moderate severity vulnerability that affects league/commonmark
2019-09-17 22:47:47
nvd
nvd
CVE-2019-10010
2019-03-24 18:29:00
cve
cve
CVE-2019-10010
2019-03-24 18:29:00
cvelist
cvelist
CVE-2019-10010
2019-03-24 17:58:54
prion
prion
Cross site scripting
2019-03-24 18:29:00