CVE-2026-59710 in showdowninfo

Zusammenfassung

von MITRE • 07.07.2026

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdown table headers, achieving stored XSS when untrusted markdown is rendered with the default github flavor configuration.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

VulnCheck

Reservieren

06.07.2026

Veröffentlichung

07.07.2026

Moderieren

akzeptiert

Eintrag

VDB-376561

CPE

bereit

EPSS

0.00198

KEV

nein

Aktivitäten

very low

Quellen

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!