9 matches found
DEBIAN-CVE-2026-44897
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...
UBUNTU-CVE-2026-44897
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...
CVE-2026-44898
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...
mistune 跨站脚本漏洞
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTMLRenderer.heading, which directly inserted id attribute values into HTML tags without escaping...
WordPress Plugin: Timeline Event History – Cross-Site Script Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
EUVD-2025-24651
Malicious code in bioql PyPI...
CVE-2024-24683
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...
WordPress plugin Testimonial 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The vulnerability stems from the failure of the Testimonial plugin to clean and escape...