Published: 24/03/2020 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

In Mozilla Bleach prior to 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla bleach
fedoraproject fedora 33

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleachclean when strip=False and math or svg tags and one or more of the RCDATA tags were whitelisted For the stable distribution (buster), this problem has been fixed in version 312-0+deb10u1 We recommend that you upgrade ...

-python-tda-bug-hunt-new DEPENDENCY #bleach==301 VULNERABLE DEPENDENCY IN THE PACKAGE TREE #hellobluenove==20 VULNERABILITIES WS-2021-0011 CVE-2020-6817 CVE-2020-6816 CVE-2020-6802 DEPENDENCY #freeipa==481 VULNERABLE DEPENDENCY IN THE PACKAGE TREE #gssapi==182 VULNERABILITIES CVE-2019-14867 DEPENDENCY #freeipa==481 VULNERABLE DEPENDENCY IN THE PACKAGE TREE #gssapi=

CWE-79 https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach https://advisory.checkmarx.net/advisory/CX-2020-4277 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EDQU2SZLZMSSACCBUBJ6NOSRNNBDYFW5/https://www.debian.org/security/2020/dsa-4643 https://nvd.nist.gov

CVE-2020-6816

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect