2017-10-19 08:00:00
mitre
PUBLISHED
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in javanscript:) or a crafted email address, related to the escape and autolink functions.