Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune prior to 0.8.1 allows remote malicious users to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mistune project mistune |
||
fedoraproject fedora 26 |