CVE-2026-44708 Mistune Math Plugin XSS Escape Bypass

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

Tooltip - Moderately critical - Cross site scripting - SA-CONTRIB-2024-058

This module enables you to add any HTML content you want in a tooltip displayed on mouse hover. The module does not sufficiently escape the markup inserted in the tooltip block. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer blocks"...