Search Results (3 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-59710 1 Showdownjs 1 Showdown 2026-07-06 6.1 Medium
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdown table headers, achieving stored XSS when untrusted markdown is rendered with the default github flavor configuration.
CVE-2026-59711 1 Showdownjs 1 Showdown 2026-07-06 6.1 Medium
showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into HTML title tags, enabling attackers to break out of the title context and execute malicious scripts in the rendered page.
CVE-2024-1899 1 Showdownjs 1 Showdown 2025-09-18 5.3 Medium
An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.