Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries. This vulnerability appears to have been fixed in 1.7.0 and later.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Parsedown 安全漏洞
Vulnerability Description
Parsedown是一款基于PHP的Markdown标记语言解析器。 Parsedown 1.7.0之前版本中用于转义HTML的‘setMarkupEscaped’函数存在安全漏洞,该漏洞源于程序没有正确的校验用户提交的输入。攻击者可利用该漏洞执行JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A