CVEs-PoC/2018/CVE-2018-5773.md

### [CVE-2018-5773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5773)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.

### POC

#### Reference
- https://github.com/trentm/python-markdown2/issues/285

#### Github
- https://github.com/vin01/CVEs