CVE-2018-20583
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-20583
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20583.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-20583
- Aliases
- Withdrawn
- 2024-09-03T02:56:39.160859Z
- Published
- 2018-12-30T05:29:00Z
- Modified
- 2024-09-01T23:06:14Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allowunsafelinks is false) via a newline character (e.g., writing javascript as javascri%0apt).
- References