Lucene search
K

9 matches found

OSV
OSV
added 2026/05/26 9:16 p.m.8 views

DEBIAN-CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2026/05/26 9:16 p.m.6 views

UBUNTU-CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/26 8:41 p.m.36 views

CVE-2026-44898 Mistune TOC Anchor Injection XSS

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS0.00228EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/26 8:41 p.m.8 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTMLRenderer.heading, which directly inserted id attribute values into HTML tags without escaping...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.6 views

WordPress Plugin: Timeline Event History – Cross-Site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.1CVSS5.7AI score0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24651

Malicious code in bioql PyPI...

6.9CVSS7.4AI score0.00527EPSS
Exploits0References6
OSV
OSV
added 2024/03/19 9:15 a.m.5 views

CVE-2024-24683

Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...

6.5CVSS5.8AI score0.01239EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.7 views

WordPress plugin Testimonial 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The vulnerability stems from the failure of the Testimonial plugin to clean and escape...

6.1CVSS5.3AI score0.00853EPSS
Exploits2References4
Rows per page
Query Builder