Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer. Version 3.2.1 contains a patch.
0.6-20.7.1-10.7.4-10.8-10.8.1-10.8.3-20.8.4-10.8.4-20.8.4-40.8.4-52.0.0-1+really0.8.4-10.8.4-10.8.4-22.0.4-23.0.2-10.8.4-23.0.2-23.1.3-10.8.4-43.1.3-13.1.4-1Exploitability
AV:NAC:LAT:NPR:NUI:PVulnerable System
VC:NVI:NVA:NSubsequent System
SC:LSI:LSA:NCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N