Mistune Project - Mistune CVE

Filtered by vendor Mistune Project Subscribe

Filtered by product Mistune

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-16876	2 Fedoraproject, Mistune Project	2 Fedora, Mistune	2018-01-10	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
CVE-2017-15612	1 Mistune Project	1 Mistune	2017-11-07	4.3 MEDIUM	6.1 MEDIUM
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.

Vulnerabilities (CVE)