CVE-2019-10010
NONE EPSS 60.0%
Published Mar 24, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
Threat Intelligence
EPSS Exploit Probability
60.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| thephpleague | commonmark | * | <0.18.3 |
References 2
- https://github.com/thephpleague/commonmark/issues/353
- https://github.com/thephpleague/commonmark/releases/tag/0.18.3
Remediation
- https://github.com/thephpleague/commonmark/issues/353