An issue was discovered in python-markdown2 through 2.3.8. It allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.

Upstream Issue: https://github.com/trentm/python-markdown2/issues/348
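A regression-style check for the failure mode described above, as an added example that is not from the original report or from python-markdown2. `naive_sanitize` is a hypothetical filter (an assumption, not markdown2's code) that only recognises a tag when its name is a pure `\w+` run, and the sample strings and the `h()` handler are constructed.

```python
import html
import re

# Hypothetical filter of the flawed kind the advisory describes (NOT
# markdown2's code): a tag is recognised only when the element name is a
# pure \w+ run followed directly by whitespace, "/" or ">".
NAIVE_TAG = re.compile(r"</?\w+(?:\s[^<>]*)?/?>")

# What an HTML parser may still treat as a tag: "<", a letter, then anything
# up to ">". Used here only to check what survived sanitising.
TAG_LIKE = re.compile(r"</?[A-Za-z][^<>]*>")

# Constructed sample inputs; h() is a placeholder handler name.
SAMPLES = [
    '<b onclick="h()">',             # ordinary name: the naive filter sees it
    '<elementname@ onclick="h()">',  # "@" after the name breaks the \w+ match
    '<elementname- onclick="h()">',  # "-" after the name breaks the \w+ match
]


def naive_sanitize(text):
    """Escape only the spans the name-based pattern recognises as tags."""
    return NAIVE_TAG.sub(lambda m: html.escape(m.group(0)), text)


def strict_sanitize(text):
    """Escape every markup-significant character, whatever the name is."""
    return html.escape(text, quote=True)


def surviving_tags(rendered):
    """Return tag-like spans still present in sanitiser output."""
    return TAG_LIKE.findall(rendered)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample))
        print("  naive :", surviving_tags(naive_sanitize(sample)))
        print("  strict:", surviving_tags(strict_sanitize(sample)))
```

A check like `surviving_tags` can be run over the rendered output of any untrusted-Markdown pipeline as a regression test after upgrading past the affected versions.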
Created python-markdown2 tracking bugs for this issue:

Affects: epel-all [bug 1831001]
Affects: fedora-all [bug 1831000]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.