data/reports/GO-2021-0086.yaml - vulndb - Git at Google

 id: GO-2021-0086
 modules:
     - module: github.com/documize/community
       versions:
         - fixed: 1.76.3-0.20191119114751-a4384210d4d0
       vulnerable_at: 1.76.3-0.20191115182156-68824912016c
       packages:
         - package: github.com/documize/community/domain/section/markdown
           symbols:
             - Provider.Render
 summary: Cross-site scripting in github.com/documize/community
 description: |-
     HTML content in markdown is not sanitized during rendering, possibly allowing
     XSS if used to render untrusted user input.
 published: 2021-04-14T20:04:52Z
 cves:
     - CVE-2019-19619
 ghsas:
     - GHSA-wmwp-pggc-h4mj
 references:
     - fix: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3
	id: GO-2021-0086
	modules:
	- module: github.com/documize/community
	versions:
	- fixed: 1.76.3-0.20191119114751-a4384210d4d0
	vulnerable_at: 1.76.3-0.20191115182156-68824912016c
	packages:
	- package: github.com/documize/community/domain/section/markdown
	symbols:
	- Provider.Render
	summary: Cross-site scripting in github.com/documize/community
	description: \|-
	HTML content in markdown is not sanitized during rendering, possibly allowing
	XSS if used to render untrusted user input.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2019-19619
	ghsas:
	- GHSA-wmwp-pggc-h4mj
	references:
	- fix: https://github.com/documize/community/commit/a4384210d4d0d6b18e6fdb7e155de96d4a1cf9f3