Lucene search
K

300 matches found

Debian CVE
Debian CVE
added 2017/12/29 3:0 p.m.72 views

CVE-2017-16876

Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...

6.1CVSS6.1AI score0.02216EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2017/12/29 12:0 a.m.3 views

PT-2017-14611 · Mistune · Mistune

Name of the Vulnerable Software and Affected Versions: Mistune versions prior to 0.8.1 Description: The issue concerns a Cross-Site Scripting XSS vulnerability in the keyify function. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML by exploiting the failure to...

6.1CVSS6.1AI score0.02216EPSS
Exploits1References23
OpenVAS
OpenVAS
added 2017/12/29 12:0 a.m.23 views

Fedora Update for python-mistune FEDORA-2017-7b4149911a

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/12/28 12:0 a.m.34 views

Fedora 26 : python-mistune (2017-7b4149911a)

Update to 0.8.3, fixing CVE-2017-15612 and CVE-2017-16876 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

6.1CVSS6AI score0.02216EPSS
Exploits1References3
Fedora
Fedora
added 2017/12/27 8:52 p.m.53 views

[SECURITY] Fedora 26 Update: python-mistune-0.8.3-1.fc26

The fastest markdown parser in pure Python, inspired by marked...

6.1CVSS3.7AI score0.02216EPSS
Exploits1
Veracode
Veracode
added 2017/11/24 2:4 a.m.26 views

Cross-site Scripting (XSS)

mistune is vulnerable to cross-site scripting XSS attacks. The keyify method doesn't escape the key values which allows attackers to insert and execute arbitrary webscript...

6.1CVSS6AI score0.02216EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2017/10/24 12:0 a.m.5 views

Mistune Cross-Site Scripting Vulnerability

Mistune is a Python based parser with renderer functionality. A cross-site scripting vulnerability exists in the mistune.py file in Mistune version 0.7.4. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References1
Veracode
Veracode
added 2017/10/19 10:13 p.m.22 views

Cross-site Scripting (XSS)

mistune is vulnerable to cross-site scripting XSS attacks. These attacks can be conducted by inserting an unexpected newline or by using an email address to execute arbitrary Javascript...

6.1CVSS6AI score0.00923EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2017/10/19 8:29 a.m.4 views

biobb-io (>=0.0.1 <=0.0.8), biobb-model (>=0.0.1 <=0.0.10) +6 more potentially affected by CVE-2017-15612 via mistune (>=0.7.3 <=0.7.4)

mistune PYPI version =0.7.3, =0.0.1, =0.0.1, =0.0.6, =0.2.1, =2.2.20170208112505, =0.1.0, =0.1.2, =0.3.2 Source cves: CVE-2017-15612 Source advisory: OSV:PYSEC-2017-80...

6.1CVSS6.3AI score0.00923EPSS
Exploits1
NVD
NVD
added 2017/10/19 8:29 a.m.14 views

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS5.9AI score0.00923EPSS
Exploits1References1
Prion
Prion
added 2017/10/19 8:29 a.m.15 views

Design/Logic Flaw

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

4.3CVSS5.8AI score0.00923EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2017/10/19 8:29 a.m.22 views

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.3AI score0.00923EPSS
Exploits1References2
PyPA
PyPA
added 2017/10/19 8:29 a.m.8 views

PYSEC-2017-80

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/10/19 8:29 a.m.14 views

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2017/10/19 8:29 a.m.24 views

PYSEC-2017-80

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS3.6AI score0.00923EPSS
Exploits1References2
OSV
OSV
added 2017/10/19 8:29 a.m.2 views

DEBIAN-CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References1
OSV
OSV
added 2017/10/19 8:29 a.m.5 views

UBUNTU-CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.4AI score0.00923EPSS
Exploits1References3
CVE
CVE
added 2017/10/19 8:0 a.m.90 views

CVE-2017-15612

The CVE relates to Mistune Python package: mistune.py in Mistune 0.7.4 contains an XSS vulnerability triggered by an unexpected newline (e.g., java\nscript:) or crafted email addresses, tied to escape and autolink handling. Connected sources document this vulnerability and show mitigations: openS...

6.1CVSS5.7AI score0.00923EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2017/10/19 8:0 a.m.78 views

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6AI score0.00923EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2017/10/19 12:0 a.m.3 views

PT-2017-14131 · Mistune · Mistune

Name of the Vulnerable Software and Affected Versions: Mistune version 0.7.4 Description: The issue allows for XSS attacks through unexpected newlines or crafted email addresses, related to the escape and autolink functions. Recommendations: For Mistune version 0.7.4, consider updating to a newer...

6.1CVSS6.1AI score0.02216EPSS
Exploits1References20
Rows per page
Query Builder