Description
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
References
- Exploit, Issue Tracking, Patch, Third Party Advisory
- Release Notes, Third Party Advisory
- Exploit, Issue Tracking, Patch, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 0.18.3 (excluding)
cpe:2.3:a:thephpleague:commonmark:*:*:*:*:*:*:*:*
EPSS
Percentile: 55%
0.00326
Low
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
github
more than 6 years ago
Moderate severity vulnerability that affects league/commonmark