XSS in Pragdave Earmark
CVE-2026-48591
Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':_make_att1/2 in lib/earmark/transform.ex sp…
Affected products
- Pragdave Earmark — versions 1.4.1, 8236a0570bd894b50e360da08131ec3294c20799
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, third-party-advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)