GHSA-wmwp-pggc-h4mj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wmwp-pggc-h4mj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-wmwp-pggc-h4mj/GHSA-wmwp-pggc-h4mj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wmwp-pggc-h4mj
- Aliases
- Published
- 2021-05-18T15:30:30Z
- Modified
- 2023-11-08T04:01:28.731571Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in Documize
- Details
-
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "cwe_ids": [ "CWE-79" ], "nvd_published_at": null, "github_reviewed_at": "2021-05-17T21:29:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-19619
- https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3
- https://github.com/documize/community
- https://github.com/documize/community/compare/v3.5.0...v3.5.1
- https://github.com/documize/community/releases/tag/v3.5.1
- https://pkg.go.dev/vuln/GO-2021-0086
Affected packages
Go / github.com/documize/community
Package
- Name
- github.com/documize/community
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/documize/community