Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bleach vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-7753
An issue exists in Bleach 2.1.x prior to 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide throu...
Mozilla Bleach 2.1
Mozilla Bleach 2.1.2
Mozilla Bleach 2.1.1
6.1
CVSSv3
CVE-2021-23980
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in ...
Mozilla Bleach
7.5
CVSSv3
CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style...
Mozilla Bleach
1 Github repository
6.1
CVSSv3
CVE-2020-6816
In Mozilla Bleach prior to 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
Mozilla Bleach
Fedoraproject Fedora 33
1 Github repository
6.1
CVSSv3
CVE-2020-6802
In Mozilla Bleach prior to 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
Mozilla Bleach
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started