PT-2026-38401 · Pypi · Weblate
Published 2026-05-07 · Updated 2026-05-07
CVE-2026-44264
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Impact
The Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes.
Patches
Workarounds
Even though the attacker might be able to inject code into the HTML, Weblate's strict CSP should mitigate the risks.
Acknowledgement
Michal Čihař has identified and fixed this vulnerability.
Fix
XSS
Related Identifiers
Affected Products
Weblate