Oval Definition:oval:org.opensuse.security:def:202011888
Revision Date:2021-10-24Version:1
Title:CVE-2020-11888
Description:

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2020-11888
openSUSE-SU-2020:0651-1
openSUSE-SU-2020:0656-1
Mitre CVE-2020-11888
SUSE CVE-2020-11888
openSUSE-SU-2020:0651-1
openSUSE-SU-2020:0656-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • python2-markdown2-2.3.7-lp151.2.3.1 is installed
  • AND python2-markdown2 is signed with openSUSE key
  • OR
  • python3-markdown2-2.3.7-lp151.2.3.1 is installed
  • AND python3-markdown2 is signed with openSUSE key
  • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND Package Information
  • python2-markdown2-2.3.7-bp151.2.3.1 is installed
  • OR python3-markdown2-2.3.7-bp151.2.3.1 is installed
  • BACK