Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/26 8:36 p.m.12 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS5.8AI score0.00228EPSS
Exploits1References2
OSV
OSV
added 2026/05/26 8:36 p.m.1 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS7.1AI score0.00228EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/26 8:36 p.m.37 views

CVE-2026-44899 Mistune Image Directive CSS Injection Vulnerability

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...

4.7CVSS0.00228EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/14 4:36 p.m.14 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderblockimage function. An attacker can inject arbitrary CSS into the style attribute of an image element by supplying a crafted value to the :width: or :height: option, which is insufficiently validat...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References2
Rows per page
Query Builder