python-markdown2 up to and including 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
python-markdown2 project python-markdown2 |