CVE-2019-10010

NONE EPSS 60.0%
Published Mar 24, 2019 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.

Threat Intelligence

EPSS Exploit Probability
60.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor        Product     Version  Range
thephpleague  commonmark  *        <0.18.3

References 2

  • github.com https://github.com/thephpleague/commonmark/issues/353
    Exploit, Issue Tracking, Patch, Third Party Advisory
  • github.com https://github.com/thephpleague/commonmark/releases/tag/0.18.3
    Release Notes, Third Party Advisory

Remediation

  • github.com https://github.com/thephpleague/commonmark/issues/353
    Exploit, Issue Tracking, Patch, Third Party Advisory