Filtered by vendor Mistune Project
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2018-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | |||||
| CVE-2017-15612 | 1 Mistune Project | 1 Mistune | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | |||||