Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
markdown2 跨站脚本漏洞
Vulnerability Description
markdown2(又名python-markdown2)是美国软件开发者约翰-格鲁伯(John Gruber)所研发的一种使用Python实现的轻量级标记语言,它支持将纯文本格式文档转换成有效的XHTML(或者HTML)文档。 markdown2 2.3.5及之前版本中存在跨站脚本漏洞。远程攻击者可借助特制的载荷利用该漏洞注入任意的Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A