CVE-2019-10010

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10010
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10010.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10010
Aliases
Published
2019-03-24T18:29:00.270Z
Modified
2026-04-10T04:13:37.784634Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.

References

Affected packages

Git / github.com/thephpleague/commonmark

Affected ranges

Type
GIT
Repo
https://github.com/thephpleague/commonmark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b1ec41ce15c3bd6f7cbe86a645b3efc78d927446
Type
GIT
Repo
https://github.com/thephpleague/commonmark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b1ec41ce15c3bd6f7cbe86a645b3efc78d927446

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.14.0
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.15.5
0.15.6
0.15.7
0.16.0
0.17.0
0.17.2
0.17.4
0.18.1
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.5.1
0.6.0
0.6.1
0.7.0
0.7.1
0.8.0
0.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10010.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "0.18.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "0.18.3"
            }
        ]
    }
]