VYPR
Moderate severity6.1OSV Advisory· Published Jul 6, 2026

showdown: Showdown: Cross-site scripting via unescaped metadata title allows arbitrary code execution

CVE-2026-59711

Description

showdown: Showdown: Cross-site scripting via unescaped metadata title allows arbitrary code execution

Affected products

2
  • Showdownjs/ShowdownOSV2 versions
    2.1.0, 2.0.4, 2.0.3, …+ 1 more
    • (no CPE)range: 2.1.0, 2.0.4, 2.0.3, …
    • (no CPE)

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.

CVE-2026-59711 · moderate · VYPR