CVE-2018-20583
NONE EPSS 72.7%
Published Dec 30, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt).
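The bypass class described above, shown as an added example that is not code from the CommonMark project: a scheme check on the raw link text misses a scheme split by an encoded newline, while a check that first normalizes the destination the way a WHATWG URL parser does (dropping tab, LF and CR) catches it. The deny list, function names and sample links are constructed for illustration, and the code assumes the destination may be percent-decoded before a browser sees it.

```javascript
// Assumed deny list for illustration; not the library's actual list.
const UNSAFE_SCHEMES = new Set(["javascript", "vbscript", "data", "file"]);

// Naive check, for contrast: tests only the raw text as written.
function naiveIsUnsafe(dest) {
  return /^(javascript|vbscript|data|file):/i.test(dest);
}

// Percent-decode without throwing on malformed sequences.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch {
    return s.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
  }
}

// Mirror the URL parser's input cleanup: trim leading/trailing C0 controls
// and spaces, then remove every tab, LF and CR anywhere in the string.
function normalize(s) {
  return s.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "").replace(/[\t\n\r]/g, "");
}

function schemeOf(s) {
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(normalize(s));
  return m ? m[1].toLowerCase() : null;
}

// Hardened check: evaluate both the raw and the percent-decoded form.
function hardenedIsUnsafe(dest) {
  return [dest, safeDecode(dest)].some((v) => UNSAFE_SCHEMES.has(schemeOf(v)));
}

// What a WHATWG URL parser (Node's global URL) makes of a string.
function parsedScheme(s) {
  try { return new URL(s).protocol; } catch { return null; }
}

// Constructed sample destinations.
const samples = ["javascri%0apt:void(0)", "  JavaScript:void(0)",
                 "https://example.com/a%0ab", "/docs/page"];
for (const s of samples) {
  console.log(JSON.stringify(s), "naive:", naiveIsUnsafe(s), "hardened:", hardenedIsUnsafe(s));
}
console.log(parsedScheme("javascri\npt:void(0)")); // newline is dropped by the parser
```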
Threat Intelligence
EPSS Exploit Probability
72.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| thephpleague | commonmark | * | ≥0.15.6 – ≤0.18.0 |
References 3
- commonmark.thephpleague.com https://commonmark.thephpleague.com/changelog/
- github.com https://github.com/thephpleague/commonmark/issues/337
- github.com https://github.com/thephpleague/commonmark/releases/tag/0.18.1
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.