data/reports/GO-2021-0086.yaml - vulndb - Git at Google

 modules:
   - module: github.com/documize/community
     versions:
       - fixed: 1.76.3-0.20191119114751-a4384210d4d0
     vulnerable_at: 1.76.3-0.20191115182156-68824912016c
     packages:
       - package: github.com/documize/community/domain/section/markdown
         symbols:
           - Provider.Render
 description: |
     HTML content in markdown is not santized during rendering, possibly allowing
     XSS if used to render untrusted user input.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2019-19619
 ghsas:
   - GHSA-wmwp-pggc-h4mj
 references:
   - fix: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3
	modules:
	- module: github.com/documize/community
	versions:
	- fixed: 1.76.3-0.20191119114751-a4384210d4d0
	vulnerable_at: 1.76.3-0.20191115182156-68824912016c
	packages:
	- package: github.com/documize/community/domain/section/markdown
	symbols:
	- Provider.Render
	description: \|
	HTML content in markdown is not santized during rendering, possibly allowing
	XSS if used to render untrusted user input.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-19619
	ghsas:
	- GHSA-wmwp-pggc-h4mj
	references:
	- fix: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3