Cross-site Scripting (XSS)
markdown2 is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the IMG tag, even when the safemode feature is enabled. They can be conducted by omitting the from the start of the tag...
Design/Logic Flaw
An issue was discovered in markdown2, aka python-markdown2, through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '' character...