Vulnerability Name:

CVE-2020-11888 (CCN-180326)

Assigned:2020-04-12
Published:2020-04-12
Updated:2020-05-25
Summary:python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
CVSS v3 Severity:6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2020-11888

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0651

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0656

Source: XF
Type: UNKNOWN
pythonmarkdown2-cve202011888-xss(180326)

Source: CCN
Type: python-markdown2 GIT Repository
Another Filter bypass leading to XSS #348

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/trentm/python-markdown2/issues/348

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-ab379d4b90

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-3864f32b3d

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-5f8f90e69c

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-11888

Vulnerable Configuration:Configuration 1:
  • cpe:/a:python-markdown2_project:python-markdown2:*:*:*:*:*:*:*:* (Version <= 2.3.8)

  • Configuration CCN 1:
  • cpe:/a:python-markdown2_project:python-markdown2:2.3.8:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:93606
    P
    (Important)
    2022-05-10
    oval:org.opensuse.security:def:64621
    P
    Security update for ruby2.5 (Important)
    2021-12-01
    oval:org.opensuse.security:def:64791
    P
    Security update for salt (Moderate)
    2021-10-27
    oval:org.opensuse.security:def:202011888
    V
    CVE-2020-11888
    2021-10-24
    oval:org.opensuse.security:def:74733
    P
    Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:100319
    P
    (Moderate)
    2021-08-23
    oval:org.opensuse.security:def:63367
    P
    python3-virt-bootstrap-1.0.0-5.3.124 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:62864
    P
    ocaml-4.05.0-4.25 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:62868
    P
    patch-2.7.6-3.5 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:62871
    P
    perl-DNS-LDNS-1.7.0-2.22 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:64679
    P
    Security update for permissions (Important)
    2021-05-04
    oval:org.opensuse.security:def:63074
    P
    libopenssl-1_0_0-devel-1.0.2p-3.14.2 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:64519
    P
    Security update for wavpack (Moderate)
    2021-01-21
    oval:org.opensuse.security:def:64275
    P
    Security update for curl (Moderate)
    2020-12-09
    oval:org.opensuse.security:def:63570
    P
    colord-1.4.2-1.37 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62896
    P
    cups-ddk-2.2.7-3.11.7 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:74866
    P
    Security update for python-markdown2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64411
    P
    libzip-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63717
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64412
    P
    libzmq5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63946
    P
    Security update for ruby2.1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:110528
    P
    Security update for python-markdown2 (Moderate)
    2020-05-11
    BACK
    python-markdown2_project python-markdown2 *
    python-markdown2_project python-markdown2 2.3.8