
CVE-2021-23980

Published: 16/02/2023 Updated: 27/02/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A mutation XSS affects users calling bleach.clean with all of the following:

- svg or math in the allowed tags
- p or br in the allowed tags
- style, title, noscript, script, textarea, noframes, iframe, or xmp in the allowed tags
- the keyword argument strip_comments=False

Note: none of the above tags are in the default allowed tags, and strip_comments defaults to True.
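Because the advisory requires all four conditions at once, a deployment can audit its own bleach.clean arguments against them. The following is an added example, not code from the bleach project or from this advisory; the function names and the "harden" step (drop the raw-text tags and restore strip_comments=True, which breaks two of the four conditions) are this example's own choices, and checking configuration is not a substitute for applying the upstream fix.

```python
"""Audit a bleach.clean() call against the CVE-2021-23980 preconditions."""
from typing import Dict, Iterable, List, Tuple

# Tag groups named in the advisory. The XSS is reachable only when a tag from
# each group is allowed AND comments are kept (strip_comments=False).
SVG_MATH = frozenset({"svg", "math"})
P_BR = frozenset({"p", "br"})
RAW_TEXT = frozenset({"style", "title", "noscript", "script", "textarea",
                      "noframes", "iframe", "xmp"})


def cve_2021_23980_conditions(tags: Iterable[str],
                              strip_comments: bool = True) -> Dict[str, object]:
    """Report which of the four advisory conditions a configuration meets.

    Tag names are lower-cased for comparison only; the lists returned show
    exactly which allowed tags triggered each condition.
    """
    allowed = {t.lower() for t in tags}
    return {
        "svg_or_math": sorted(allowed & SVG_MATH),
        "p_or_br": sorted(allowed & P_BR),
        "raw_text_tag": sorted(allowed & RAW_TEXT),
        "strip_comments_false": not strip_comments,
    }


def is_exposed(tags: Iterable[str], strip_comments: bool = True) -> bool:
    """True only when every condition holds (empty tag lists are falsy)."""
    return all(cve_2021_23980_conditions(tags, strip_comments).values())


def harden(tags: Iterable[str], strip_comments: bool) -> Tuple[List[str], bool]:
    """Illustrative mitigation (assumption of this example): remove the
    raw-text tags and restore the strip_comments default of True."""
    safe_tags = [t for t in tags if t.lower() not in RAW_TEXT]
    return safe_tags, True


if __name__ == "__main__":
    # Constructed sample: a permissive allow-list that meets all four conditions.
    risky_tags = ["p", "a", "svg", "style"]
    print(cve_2021_23980_conditions(risky_tags, strip_comments=False))
    print("exposed:", is_exposed(risky_tags, strip_comments=False))
    print("exposed after harden:", is_exposed(*harden(risky_tags, False)))
```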

Vulnerable Product

mozilla bleach

Vendor Advisories

Debian Bug report logs - #986251 python-bleach: CVE-2021-23980 Package: src:python-bleach; Maintainer for src:python-bleach is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 1 Apr 2021 14:51:02 UTC Severity: grave Tags: security, upstream Found ...
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'svg' or 'math' are in the allowed tags, 'p' or 'br' are in the allowed tags, 'style', 'title', 'noscript', 'script', 'textarea', 'noframes', 'iframe', or 'xmp' are in the allowed tags, and 'strip_comments=False' is set. For the stable dist ...