Medium severity5.4GHSA Advisory· Published Oct 26, 2022· Updated Jun 17, 2026
CVE-2022-25849
CVE-2022-25849
Description
The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
joyqi/hyper-downPackagist | <= 2.4.27 | — |
Affected products
2- Range: <= 2.4.27
Patches
Vulnerability mechanics
References
3- security.snyk.io/vuln/SNYK-PHP-JOYQIHYPERDOWN-2953544nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-4r9g-w48q-8jwmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25849ghsaADVISORY
News mentions
0No linked articles in our index yet.