Packagist (Composer) package
joyqi/hyper-down
pkg:composer/joyqi/hyper-down
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25849 | Med | 5.4 | <= 2.4.27 | — | Oct 26, 2022 | The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well. |
- affected <= 2.4.27
The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.