CVE-2018-20583
- Source
- https://cve.org/CVERecord?id=CVE-2018-20583
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20583.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-20583
- Aliases
- Published
- 2018-12-30T05:29:00.753Z
- Modified
- 2026-04-10T04:10:04.664258Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allowunsafelinks is false) via a newline character (e.g., writing javascript as javascri%0apt).
- References
Affected packages
Git / github.com/thephpleague/commonmark
Affected ranges
- Type
- GIT
- Repo
- https://github.com/thephpleague/commonmark
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/thephpleague/commonmark
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.14.0
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.15.5
0.15.6
0.15.7
0.16.0
0.17.0
0.17.2
0.17.4
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.7.1
0.8.0
0.9.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20583.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0.15.6"
},
{
"last_affected": "0.18.0"
}
]
},
{
"events": [
{
"introduced": "0.15.6"
},
{
"last_affected": "0.18.x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.18.1"
}
]
}
]