CVE-2017-16876

Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*

Information

Published : 2017-12-29 07:29

Updated : 2018-01-10 09:15


NVD link : CVE-2017-16876

Mitre link : CVE-2017-16876


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

fedoraproject

  • fedora

mistune_project

  • mistune