lepture / mistune

A fast yet powerful Python Markdown parser with renderers and plugins.
http://mistune.lepture.com/
BSD 3-Clause "New" or "Revised" License

Multiple XSS #172

Closed ngsimon closed 6 years ago

ngsimon commented 6 years ago

Hello,

Following the hack.lu CTF 2017 challenge on mistune, multiple XSS were discovered. The link to the CTF write-up can be found here: https://ctftime.org/task/4773

Best regards,

ngsimon commented 6 years ago

Additional links:

lepture commented 6 years ago

Could you verify it with the latest version? They are all invalid.