DEBIAN-CVE-2026-44898
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul builds a table-of-contents tree from a list of (level, id, text) tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...
CVE-2026-44897
Mistune prior to 3.2.1 constructs the HTML heading tag by appending the id attribute value directly, without escaping. If the heading_id callback returns raw text containing quotes or markup, an attacker can inject arbitrary attributes (e.g., onmouseover, src, href) into the element, enabling XS...
CVE-2026-44897 Mistune Heading ID Attribute Injection XSS
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safe_entity, or any other sanitisation function. A double-quote character " in...
CVE-2026-44897
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safe_entity, or any other sanitisation function. A double-quote character " in...
EUVD-2026-31994
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safe_entity, or any other sanitisation function. A double-quote character " in...
Mistune Heading ID Attribute has Injection XSS
Summary: HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safe_entity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTMLRenderer heading rendering path in the HTML renderer. An attacker can inject arbitrary HTML by supplying a heading id attribute value that contains quotes and markup. The rendered output can be alter...
GHSA-V87V-83H2-53W7 Mistune Heading ID Attribute has Injection XSS
Summary: HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safe_entity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...
PT-2026-39330
Name of the Vulnerable Software and Affected Versions: mistune versions prior to 3.2.1. Description: In the HTMLRenderer.heading function within src/mistune/renderers/html.py, the id attribute of heading tags is constructed by directly concatenating the value into the HTML without sanitization. When...