| id: GO-2021-0086 |
| modules: |
| - module: github.com/documize/community |
| versions: |
| - fixed: 1.76.3-0.20191119114751-a4384210d4d0 |
| vulnerable_at: 1.76.3-0.20191115182156-68824912016c |
| packages: |
| - package: github.com/documize/community/domain/section/markdown |
| symbols: |
| - Provider.Render |
| summary: Cross-site scripting in github.com/documize/community |
| description: |- |
| HTML content in markdown is not sanitized during rendering, possibly allowing |
| XSS if used to render untrusted user input. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2019-19619 |
| ghsas: |
| - GHSA-wmwp-pggc-h4mj |
| references: |
| - fix: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3 |
| review_status: REVIEWED |