[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99536

 
 

909

 
 

80128

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-16876

Date: (C)2018-01-02   (M)2018-01-05 


Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.

CVSS Score: 9.0Access Vector:
Exploit Score: Access Complexity:
Impact Score: Authentication:
 Confidentiality:
 Integrity:
 Availability:





Reference:
FEDORA-2017-7b4149911a
https://bugzilla.redhat.com/show_bug.cgi?id=1524596
https://github.com/lepture/mistune/blob/master/CHANGES.rst
https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98

© 2013 SecPod Technologies