2020-04-20 15:48:13
mitre
PUBLISHED
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.