ALT-PU-2025-7036-2
Package python3-module-markdown2 updated to version 2.3.10-alt1 for branch sisyphus in task 384723.
Closed vulnerabilities
Published: 2018-01-19
Modified: 2024-11-21
CVE-2018-5773
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.
Severity: MEDIUM (6.1)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2020-04-20
Modified: 2024-11-21
CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
- openSUSE-SU-2020:0651
- openSUSE-SU-2020:0656
- https://github.com/trentm/python-markdown2/issues/348
- FEDORA-2020-ab379d4b90
- FEDORA-2020-3864f32b3d
- FEDORA-2020-5f8f90e69c
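Both CVEs above describe the same failure class: HTML emitted from untrusted Markdown that a sanitizer let through, either as an IMG tag missing its final '>' (CVE-2018-5773) or as an element whose name is not a plain \w+ word but still carries an onclick attribute (CVE-2020-11888). The following is an added post-render audit (example code, not part of this advisory or of markdown2) that scans rendered HTML for those two shapes plus inline event-handler attributes; the sample strings and the strict ASCII element-name policy are constructed assumptions for the demonstration.

```python
import re

# Tag-ish tokens: optional '/', element name, attribute blob, and whether a '>' was found.
TAG_RE = re.compile(r"<(/?)([^\s<>/]+)([^>]*)(>?)")
# Assumed policy, stricter than markdown2's \w+ check: ASCII letters and digits only,
# so names such as 'span@' or 'span-' (the CVE-2020-11888 shape) are flagged.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")
# Any inline event handler (onclick, onerror, ...) in the attribute blob.
EVENT_ATTR_RE = re.compile(r"\bon[a-z]+\s*=", re.I)

# Constructed samples of rendered output; they are not markdown2's actual output.
SAMPLES = {
    "clean": '<p>Hello <em>world</em> <img src="a.png" alt="a"></p>',
    # CVE-2018-5773 shape: the IMG tag never receives its own closing '>'.
    "unterminated_img": '<p><img src="a.png" onerror="f()"</p>',
    # CVE-2020-11888 shape: element name that is not a \w+ word, with onclick.
    "odd_element_name": '<p><span@ onclick="f()">x</span@></p>',
}


def audit_rendered_html(html):
    """Return a list of findings for HTML rendered from untrusted Markdown."""
    findings = []
    for m in TAG_RE.finditer(html):
        name, attrs, closed = m.group(2), m.group(3), m.group(4)
        if not NAME_RE.fullmatch(name):
            findings.append(f"unexpected element name {name!r}")
        # A '<' inside the attribute blob means the previous tag swallowed the
        # next one because its own '>' was missing; no '>' at all means EOF.
        if "<" in attrs or not closed:
            findings.append(f"unterminated <{name}> tag")
        if EVENT_ATTR_RE.search(attrs):
            findings.append(f"event handler attribute on <{name}>")
    return findings


if __name__ == "__main__":
    for label, html in SAMPLES.items():
        print(label, audit_rendered_html(html) or "ok")
```

Run the audit on rendered output before it is stored or served; any finding means the renderer's sanitization cannot be trusted for that document and a real HTML sanitizer should be applied to the output.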