mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mistune project mistune 0.7.4 |