CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Source: CVE-2020-11888
CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Source: CVE-2020-11888