5 matches found
CVE-2026-44897
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTMLRenderer heading rendering path in the HTML renderer. An attacker can inject arbitrary HTML by supplying a heading id attribute value that contains quotes and markup. The rendered output can be alter...
GHSA-V87V-83H2-53W7 Mistune Heading ID Attribute has Injection XSS
Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...
Malicious code in mmsdk-apml-htmlrenderer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae0814f13d1d5f49711b30a6fe260c2bfb566047df1b02774e899421faf58c92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1579 Malicious code in mmsdk-apml-htmlrenderer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae0814f13d1d5f49711b30a6fe260c2bfb566047df1b02774e899421faf58c92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...