Lucene search

K
osvGoogleOSV:PYSEC-2018-13
HistoryJan 18, 2018 - 9:29 p.m.

PYSEC-2018-13

2018-01-1821:29:00
Google
osv.dev
22

EPSS

0.001

Percentile

34.9%

An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final ‘>’ character from an IMG tag.

EPSS

0.001

Percentile

34.9%