| CVE-2021-26813 |
low |
— |
2.5 |
|
|
|
5y ago |
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or de… |
| CVE-2009-3724 |
unknown |
— |
— |
|
|
|
4y ago |
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. |
| CVE-2020-11888 |
unknown |
— |
— |
|
|
|
6y ago |
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute. |
| CVE-2018-5773 |
unknown |
— |
— |
|
|
|
8y ago |
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properl… |
