Lucene search
K

5 matches found

Snyk
Snyk
added 6 days ago6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl process. An attacker can inject malicious URLs into rendered href and src attributes by crafting links that use legacy or chained schemes, potentially leading to script execution in affected user...

6.1CVSS6.1AI score0.00198EPSS
Exploits1References2
NVD
NVD
added 6 days ago9 views

CVE-2026-59929

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...

6.1CVSS0.00198EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59929 Mistune renderers/html.safe_url: HARMFUL_PROTOCOLS list misses legacy and chained schemes that historically chain to `javascript:` execution

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...

6.1CVSS0.00198EPSS
Exploits1References3
CVE
CVE
added 6 days ago10 views

CVE-2026-59929

Mistune is a Python Markdown parser. CVE-2026-59929 affects the safe_url filter in src/mistune/renderers/html.py prior to version 3.3.0, which blocks only javascript:, vbscript:, file:, and data: schemes. This allowed legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha...

6.1CVSS6AI score0.00198EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56512

Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0 Description The safe url filter in src/mistune/renderers/html.py fails to block several legacy or chained URI schemes. While it restricts javascript:, vbscript:, file:, and data:, it allows schemes such as feed:...

6.1CVSS6.2AI score0.00198EPSS
Exploits1References10
Rows per page
Query Builder