Vulnerabilities > Parsedown

DATE CVE VULNERABILITY TITLE RISK
2019-04-06 CVE-2019-10905 Cross-site Scripting vulnerability in Parsedown
Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the contents of any element with a specific class.
network
parsedown CWE-79
6.8
2018-04-18 CVE-2018-1000162 Cross-site Scripting vulnerability in Parsedown
Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution.
network
parsedown CWE-79
4.3