blob: dc5fff629934fdce0d49cf67684a287fd9b3e6d8 [file] [log] [blame]
id: GO-2021-0086
modules:
- module: github.com/documize/community
versions:
- fixed: 1.76.3-0.20191119114751-a4384210d4d0
vulnerable_at: 1.76.3-0.20191115182156-68824912016c
packages:
- package: github.com/documize/community/domain/section/markdown
symbols:
- Provider.Render
summary: Cross-site scripting in github.com/documize/community
description: |-
HTML content in markdown is not sanitized during rendering, possibly allowing
XSS if used to render untrusted user input.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2019-19619
ghsas:
- GHSA-wmwp-pggc-h4mj
references:
- fix: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3
review_status: REVIEWED