Lucene search
K

85 matches found

Vulnrichment
Vulnrichment
‱added 2023/02/16 12:0 a.m.‱11 views

CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

5.9AI score0.00483EPSS
Exploits1References2
CVE
CVE
‱added 2023/02/16 12:0 a.m.‱220 views

CVE-2021-23980

CVE-2021-23980 affects the python-bleach library. A mutation XSS can occur when bleach.clean is called with any of the tags svg or math, and also with allowed tags including p or br, plus style, title, noscript, script, textarea, noframes, iframe, or xmp, and with strip_comments=False. Note that ...

6.1CVSS5.7AI score0.00483EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
‱added 2023/02/16 12:0 a.m.‱78 views

CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS6.3AI score0.00483EPSS
Exploits1
SUSE CVE
SUSE CVE
‱added 2023/02/15 4:2 a.m.‱3 views

SUSE CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS6.3AI score0.01301EPSS
Exploits1References5
RedhatCVE
RedhatCVE
‱added 2022/05/20 11:42 p.m.‱31 views

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.8CVSS2AI score0.01301EPSS
Exploits1References1
Huntr
Huntr
‱added 2022/05/01 6:1 p.m.‱24 views

Arbitrary Code Execution through Sanitizer Bypass

Description The sanitizer function of the drawio core library which is responsible to sanitize various parts of a diagram of potentially dangerous HTML/JavaScript code can be bypassed. It is vulnerable to mutation XSS payloads, which allows escaping from the sanitizer. This allows arbitrary code...

6.8CVSS0.02273EPSS
Exploits1References1
RustSec
RustSec
‱added 2021/07/08 12:0 p.m.‱28 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

6.1CVSS1.3AI score0.00702EPSS
Exploits1Affected Software1
OSV
OSV
‱added 2021/06/16 8:22 p.m.‱7 views

MGASA-2021-0260 Updated python-bleach packages fix a security vulnerability

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp"...

6.1CVSS6AI score0.00483EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
‱added 2021/04/18 12:0 a.m.‱46 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0571-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

6.1CVSS7.3AI score0.01301EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
‱added 2021/04/15 12:0 a.m.‱33 views

openSUSE Security Update : python-bleach (openSUSE-2021-552)

This update for python-bleach fixes the following issues : - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5 : - replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...

7.5CVSS6.9AI score0.01301EPSS
Exploits3References6
OPENSUSE Linux
OPENSUSE Linux
‱added 2021/04/14 12:0 a.m.‱50 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0552-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

6.1CVSS7.3AI score0.01301EPSS
Exploits3References3
Github Security Blog
Github Security Blog
‱added 2021/02/02 5:58 p.m.‱63 views

Cross-site scripting in Bleach

Impact A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default...

6.1CVSS6.2AI score0.00483EPSS
Exploits1References11Affected Software1
OSV
OSV
‱added 2021/02/02 5:58 p.m.‱34 views

PYSEC-2021-865

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with stripcomments=False...

6.1CVSS2AI score0.00483EPSS
Exploits1References4
PyPA
PyPA
‱added 2021/02/02 5:58 p.m.‱7 views

PYSEC-2021-865

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with stripcomments=False...

6.1CVSS6.3AI score0.00483EPSS
Exploits1References4Affected Software1
Node.js
Node.js
‱added 2020/12/18 10:54 p.m.‱76 views

Cross-Site Scripting

Overview Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Recommendation Upgrade to version 2.0.17 or...

4.3CVSS1.9AI score0.04881EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
‱added 2020/10/16 5:15 a.m.‱3 views

CVE-2020-27176

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...

9.6CVSS5.5AI score0.04881EPSS
Exploits2References2
Prion
Prion
‱added 2020/10/16 5:15 a.m.‱22 views

Design/Logic Flaw

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...

6.8CVSS6.2AI score0.04881EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
‱added 2020/10/16 4:28 a.m.‱33 views

CVE-2020-27176

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...

8.3CVSS6.4AI score0.01884EPSS
Exploits1References1
OSV
OSV
‱added 2020/10/07 4:15 p.m.‱47 views

CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.4AI score0.04881EPSS
Exploits1References6
OSV
OSV
‱added 2020/10/07 4:15 p.m.‱6 views

UBUNTU-CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.7AI score0.04881EPSS
Exploits1References4
Rows per page
Query Builder