{"id":"CVE-2017-11594","details":"Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment.","modified":"2026-05-14T12:51:44.559665Z","published":"2017-07-24T01:29:00.740Z","references":[{"type":"ADVISORY","url":"https://github.com/loomio/loomio/releases/tag/1.8.0"},{"type":"FIX","url":"https://github.com/loomio/loomio/commit/63973f71e337ead8ca7b7ae2a043b837032dc3fe"},{"type":"EVIDENCE","url":"https://github.com/loomio/loomio/issues/4220"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/loomio/loomio","events":[{"introduced":"0"},{"last_affected":"e16dbab8c65dde0bd9ea311ec645720326d2cc32"},{"last_affected":"5b44f2c0c01145777b7b63bc6fde17f727c49d60"},{"last_affected":"060c906b2d65e3da45b510c6d7aca3fb83ecbf15"},{"last_affected":"9b0b974d9b5582d1e39dab7fe0e48edcfec11f23"},{"last_affected":"b03037425f15fa6ef3476dbb38be48b5a58063b5"},{"last_affected":"71945f3e13cebf15adde7fc7f97ad4f1bc421aaa"},{"last_affected":"43f1e211c5f1f24ec3708acdffe480882e8dd6d4"},{"last_affected":"77da801c4870ab5d073b4d3dff6c5d251edf6eb2"}],"database_specific":{"cpe":["cpe:2.3:a:loomio:loomio:1.0.0:*:*:*:*:*:*:*","cpe:2.3:a:loomio:loomio:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:loomio:loomio:1.2.0:*:*:*:*:*:*:*","cpe:2.3:a:loomio:loomio:1.3.0:*:*:*:*:*:*:*","cpe:2.3:a:loomio:loomio:1.4.0:*:*:*:*:*:*:*","cpe:2.3:a:loomio:loomio:1.5.0:*:*:*:*:*:*:*","cpe:2.3:a:loomio:loomio:1.6.0:*:*:*:*:*:*:*","cpe:2.3:a:loomio:loomio:1.7.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.0.0"},{"last_affected":"1.1.0"},{"last_affected":"1.2.0"},{"last_affected":"1.3.0"},{"last_affected":"1.4.0"},{"last_affected":"1.5.0"},{"last_affected":"1.6.0"},{"last_affected":"1.7.0"}],"source":"CPE_FIELD"}}],"versions":["v1.7.0","1.6.0","1.5.0","1.2.0","1.1.0","1.0.0","0.19.0","0.18.0","0.17.0","v0.15.0","v0.14.0","v0.13.0","v0.12.0","v0.11.0","v0.10.0","v0.9.0","v1.4.0","v1.3.0","v1.2.0","v1.1.0","v1.0.0","v0.0.2","v0.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11594.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}