PT-2018-15450 · Php League · Php League Commonmark Library

Austin H

Publicado

2018-12-30

Atualizado

2022-05-14

CVE-2018-20583

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PHP League CommonMark library versions 0.15.6 through 0.18.x

Description The issue allows remote attackers to insert unsafe URLs into HTML, even when allow unsafe links is set to false, by utilizing a newline character. This can be achieved by writing javascript as javsacri%0apt, demonstrating the potential for malicious script injection.

Recommendations For PHP League CommonMark library versions 0.15.6 through 0.18.x, update to version 0.18.1 or later to resolve the issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-20583

GHSA-QX76-C53F-5C7Q

Produtos afetados

Php League Commonmark Library

PT-2018-15450 · Php League · Php League Commonmark Library

CVE-2018-20583

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8