Cross-site Scripting Vulnerability in PHP League CommonMark
CVE-2018-20583

6.1MEDIUM

Key Information:

Vendor

ThePHPleague

Status
Commonmark
Vendor
CVE Published:
30 December 2018

What is CVE-2018-20583?

The PHP League CommonMark library, versions ranging from 0.15.6 to 0.18.0, is affected by a cross-site scripting vulnerability. This flaw allows remote attackers to execute arbitrary JavaScript by injecting unsafe URLs into HTML content through newline characters, even if 'allow_unsafe_links' is set to false. It is crucial for users of vulnerable versions to upgrade to version 0.18.1 or later to mitigate this security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://commonmark.thephpleague.com/changelog/
x_refsource_MISC
https://github.com/thephpleague/commonmark/issues/337
x_refsource_MISC
https://github.com/thephpleague/commonmark/releases/tag/0...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.