Cross-site Scripting Vulnerability in PHP League CommonMark
CVE-2018-20583

6.1MEDIUM

Key Information:

Vendor: ThePHPleague
Status: Commonmark
Vendor: CVE Published:; 30 December 2018

🔔 Create ThePHPleague Vulnerability Alert

What is CVE-2018-20583?

The PHP League CommonMark library, versions ranging from 0.15.6 to 0.18.0, is affected by a cross-site scripting vulnerability. This flaw allows remote attackers to execute arbitrary JavaScript by injecting unsafe URLs into HTML content through newline characters, even if 'allow_unsafe_links' is set to false. It is crucial for users of vulnerable versions to upgrade to version 0.18.1 or later to mitigate this security risk.