CVE-2019-19619

Name of the Vulnerable Software and Affected Versions Documize versions prior to 3.5.1

Description The issue arises from the mishandling of untrusted Markdown content, which can lead to potential XSS attacks if the content is used to render untrusted user input. This is due to the lack of proper sanitization of HTML content in markdown during rendering. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 3.5.1, update to version 3.5.1 or later, which includes the addition of the bluemonday HTML sanitizer to defend against XSS attacks.