Uncontrolled Resource Consumption
In markdown2, if an attacker provides a malicious string, processing can become difficult or be delayed for an extended period of time.
python-markdown2 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
python-markdown2 has multiple cross-site scripting (XSS) issues.
An issue was discovered in markdown. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, an XSS can be triggered by omitting the final > character from an IMG tag.