{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.2.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.3.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.4.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.5.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.6.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.7.0"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "e16dbab8c65dde0bd9ea311ec645720326d2cc32"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "5b44f2c0c01145777b7b63bc6fde17f727c49d60"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "060c906b2d65e3da45b510c6d7aca3fb83ecbf15"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "9b0b974d9b5582d1e39dab7fe0e48edcfec11f23"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b03037425f15fa6ef3476dbb38be48b5a58063b5"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "71945f3e13cebf15adde7fc7f97ad4f1bc421aaa"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "43f1e211c5f1f24ec3708acdffe480882e8dd6d4"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "77da801c4870ab5d073b4d3dff6c5d251edf6eb2"
            },
            {
              "fixed": "63973f71e337ead8ca7b7ae2a043b837032dc3fe"
            },
            {
              "fixed": "5b51067e58606bc6b4dae8018a3a26172d7949ef"
            }
          ],
          "repo": "https://github.com/loomio/loomio",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment.",
  "id": "CVE-2017-11594",
  "modified": "2026-03-13T21:55:36.163724370Z",
  "published": "2017-07-24T01:29:00.740Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/loomio/loomio/releases/tag/1.8.0"
    },
    {
      "type": "FIX",
      "url": "https://github.com/loomio/loomio/commit/63973f71e337ead8ca7b7ae2a043b837032dc3fe"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/loomio/loomio/issues/4220"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}