You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
markdown2 is vulnerable to cross-site scripting
Moderate severity
GitHub Reviewed
Published
Jul 12, 2018
to the GitHub Advisory Database
•
Updated Jan 9, 2023
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final > character from an IMG tag.
An issue was discovered in
markdown2(aka python-markdown2) through 2.3.5. Thesafe_modefeature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final>character from an IMG tag.References