Packagist (Composer) package
erusev/parsedown
pkg:composer/erusev/parsedown
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10905 | — | | | < 1.7.2 | 1.7.2 | Apr 6, 2019 | Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class. This occurs because spaces are per |
| CVE-2018-1000162 | — | | | < 1.7.0 | 1.7.0 | Apr 18, 2018 | Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escapin |