Lucene search
K

6 matches found

NVD
NVD
added yesterday6 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-42334

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added yesterday4 views

CVE-2026-59926 Mistune: XSS via unescaped class option in Admonition directive

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score
Exploits0References4Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-59926

CVE-2026-59926 : Mistune (Python Markdown parser) contains an XSS due to render_admonition() in src/mistune/directives/admonition.py failing to escape the Admonition directive :class: option when constructing the HTML class attribute. This allows attribute injection and cross-site scripting even ...

5.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/08 11:43 p.m.14 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderadmonition, renderfigure, and blockerror rendering paths in the HTML output components. An attacker can inject arbitrary HTML by supplying crafted admonition classes, figure classes, or widths, or...

6.1CVSS5.8AI score0.00198EPSS
Exploits0References2
Rows per page
Query Builder