2 matches found
GHSA-8G87-J6Q8-G93X Mistune Math Plugin has an XSS Escape Bypass
Summary The mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is explicitly created with escape=True, which is supposed to guarantee that all...
PT-2022-19386 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.3 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Subversion Plugin does not escape the name and description of List Subversion tags...