An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-18T21:00:00Z

Updated: 2024-09-16T17:47:46.652Z

Reserved: 2018-01-18T00:00:00Z

Link: CVE-2018-5773

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-18T21:29:00.267

Modified: 2024-11-21T04:09:22.067

Link: CVE-2018-5773

cve-icon Redhat

No data.