
6 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-7753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Usi...

CVSS 9.8 · AI score 8.2 · EPSS 0.00511
Exploits 0 · References 2
OSV
added 2020/03/24 10:15 p.m. · 1 views

DEBIAN-CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

CVSS 6.1 · AI score 7.2 · EPSS 0.00419
Exploits 1 · References 1
Positive Technologies
added 2020/03/20 12:0 a.m. · 4 views

PT-2020-2103 · Mozilla +1 · Bleach +1

Name of the Vulnerable Software and Affected Versions: Mozilla Bleach versions prior to 3.12. Description: A mutation XSS issue affects users calling bleach.clean with specific settings, including whitelisting svg or math tags, allowing RCDATA tags, and setting the strip keyword argument to False...

CVSS 9.8 · AI score 6.7 · EPSS 0.00581
Exploits 4 · References 50
OSV
added 2020/02/24 5:33 p.m. · 0 views

GHSA-Q65M-PV3F-WR5R · XSS in Bleach when noscript and raw tag whitelisted

Impact: A mutation XSS affects users calling bleach.clean with noscript and a raw tag (see below) in the allowed/whitelisted tags option. Patches: v3.1.1. Workarounds: modify bleach.clean calls to not whitelist noscript and one or more of the following raw tags: title textarea script style noembed...

CVSS 6.1 · AI score 6.9 · EPSS 0.00267
Exploits 1 · References 12
PyPA
added 2018/03/07 11:29 p.m. · 6 views

PYSEC-2018-51

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

CVSS 9.8 · AI score 6.9 · EPSS 0.00511
Exploits 0 · References 4 · Affected Software 1
OSV
added 2018/03/07 11:29 p.m. · 4 views

PYSEC-2018-51

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

CVSS 9.8 · AI score 7.2 · EPSS 0.00511
Exploits 0 · References 4