VYPR
Moderate severity6.1OSV Advisory· Published Jul 6, 2026

showdown: Showdown: Stored Cross-Site Scripting via unescaped table header ID attributes in markdown

CVE-2026-59710

Description

showdown: Showdown: Stored Cross-Site Scripting via unescaped table header ID attributes in markdown

Affected products

2
  • Showdownjs/ShowdownOSV2 versions
    3.0.0-rc2, 3.0.0-rc1, 1.8.5, …+ 1 more
    • (no CPE)range: 3.0.0-rc2, 3.0.0-rc1, 1.8.5, …
    • (no CPE)

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.