5 matches found
EUVD-2022-7018
Malicious code in bioql PyPI...
CVE-2022-25849
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute very well...
CVE-2022-25849 Cross-site Scripting (XSS)
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute very well...
CVE-2022-25849
CVE-2022-25849 affects joyqi/hyper-down, a Markdown parser library. The vulnerability stems from improper filtering of href attributes in the markdown parser, enabling cross-site scripting (XSS). Affected versions start at 0.0.0 and continue thereafter. Public details describe an XSS vector in th...
PT-2022-17566 · Joyqi · Hyper-Down
Name of the Vulnerable Software and Affected Versions: joyqi/hyper-down versions 0.0.0 and later
Description: The issue arises from improper validation of the href attribute in the markdown parser module, leading to Cross-site Scripting (XSS). There is no information about the estimated number of...