Lucene search
+L

5 matches found

Debian CVE
Debian CVE
added 2026/05/26 8:40 p.m.10 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1
Snyk
Snyk
added 2026/05/09 12:13 a.m.12 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTMLRenderer heading rendering path in the HTML renderer. An attacker can inject arbitrary HTML by supplying a heading id attribute value that contains quotes and markup. The rendered output can be alter...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
OSV
OSV
added 2026/05/09 12:13 a.m.8 views

GHSA-V87V-83H2-53W7 Mistune Heading ID Attribute has Injection XSS

Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...

6.1CVSS6AI score0.00228EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/11 7:55 a.m.3 views

Malicious code in mmsdk-apml-htmlrenderer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae0814f13d1d5f49711b30a6fe260c2bfb566047df1b02774e899421faf58c92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/06/11 7:55 a.m.12 views

MAL-2024-1579 Malicious code in mmsdk-apml-htmlrenderer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae0814f13d1d5f49711b30a6fe260c2bfb566047df1b02774e899421faf58c92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder