300 matches found
CVE-2017-16876
Cross-site scripting XSS vulnerability in the keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument...
PT-2017-14611 · Mistune · Mistune
Name of the Vulnerable Software and Affected Versions: Mistune versions prior to 0.8.1 Description: The issue concerns a Cross-Site Scripting XSS vulnerability in the keyify function. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML by exploiting the failure to...
Fedora Update for python-mistune FEDORA-2017-7b4149911a
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 26 : python-mistune (2017-7b4149911a)
Update to 0.8.3, fixing CVE-2017-15612 and CVE-2017-16876 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
[SECURITY] Fedora 26 Update: python-mistune-0.8.3-1.fc26
The fastest markdown parser in pure Python, inspired by marked...
Cross-site Scripting (XSS)
mistune is vulnerable to cross-site scripting XSS attacks. The keyify method doesn't escape the key values which allows attackers to insert and execute arbitrary webscript...
Mistune Cross-Site Scripting Vulnerability
Mistune is a Python based parser with renderer functionality. A cross-site scripting vulnerability exists in the mistune.py file in Mistune version 0.7.4. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Cross-site Scripting (XSS)
mistune is vulnerable to cross-site scripting XSS attacks. These attacks can be conducted by inserting an unexpected newline or by using an email address to execute arbitrary Javascript...
biobb-io (>=0.0.1 <=0.0.8), biobb-model (>=0.0.1 <=0.0.10) +6 more potentially affected by CVE-2017-15612 via mistune (>=0.7.3 <=0.7.4)
mistune PYPI version =0.7.3, =0.0.1, =0.0.1, =0.0.6, =0.2.1, =2.2.20170208112505, =0.1.0, =0.1.2, =0.3.2 Source cves: CVE-2017-15612 Source advisory: OSV:PYSEC-2017-80...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
Design/Logic Flaw
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
PYSEC-2017-80
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
PYSEC-2017-80
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
DEBIAN-CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
UBUNTU-CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
The CVE relates to Mistune Python package: mistune.py in Mistune 0.7.4 contains an XSS vulnerability triggered by an unexpected newline (e.g., java\nscript:) or crafted email addresses, tied to escape and autolink handling. Connected sources document this vulnerability and show mitigations: openS...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
PT-2017-14131 · Mistune · Mistune
Name of the Vulnerable Software and Affected Versions: Mistune version 0.7.4 Description: The issue allows for XSS attacks through unexpected newlines or crafted email addresses, related to the escape and autolink functions. Recommendations: For Mistune version 0.7.4, consider updating to a newer...