Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bleach vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-7753
An issue exists in Bleach 2.1.x prior to 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide throu...
Mozilla Bleach 2.1
Mozilla Bleach 2.1.2
Mozilla Bleach 2.1.1
NA
CVE-2021-23980
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in ...
Mozilla Bleach
NA
CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style...
Mozilla Bleach
1 Github repository
4.3
CVSSv2
CVE-2020-6816
In Mozilla Bleach prior to 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
Mozilla Bleach
Fedoraproject Fedora 33
1 Github repository
4.3
CVSSv2
CVE-2020-6802
In Mozilla Bleach prior to 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
Mozilla Bleach
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started