Back to search
CVE-2020-11888
Published: Apr 20, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/trentm/python-markdown2/issues/348
x_refsource_MISC
openSUSE-SU-2020:0651
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:0656
vendor-advisory
x_refsource_SUSE
FEDORA-2020-5f8f90e69c
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-3864f32b3d
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-ab379d4b90
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now