Export limit exceeded: 363609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-59710 | 1 Showdownjs | 1 Showdown | 2026-07-06 | 6.1 Medium |
| showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdown table headers, achieving stored XSS when untrusted markdown is rendered with the default github flavor configuration. | ||||
| CVE-2026-59711 | 1 Showdownjs | 1 Showdown | 2026-07-06 | 6.1 Medium |
| showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into HTML title tags, enabling attackers to break out of the title context and execute malicious scripts in the rendered page. | ||||
| CVE-2024-1899 | 1 Showdownjs | 1 Showdown | 2025-09-18 | 5.3 Medium |
| An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions. | ||||
Page 1 of 1.