Lucene search
+L

85 matches found

UbuntuCve
UbuntuCve
added 2020/10/07 4:15 p.m.50 views

CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.7AI score0.04881EPSS
Exploits1References3
OSV
OSV
added 2020/10/07 4:15 p.m.6 views

UBUNTU-CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.7AI score0.04881EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/10/07 3:50 p.m.47 views

CVE-2020-26870

Removed by vendor...

6.1CVSS6.6AI score0.04881EPSS
Exploits1
OSV
OSV
added 2020/08/28 9:25 p.m.4 views

GHSA-CHQJ-J4FH-RW7M Cross-Site Scripting in dompurify

Versions of dompurify prior to 2.0.3 are vulnerable to Cross-Site Scripting XSS. The package has an XSS filter bypass due to Mutation XSS in both Chrome and Safari through a combination of / elements and /. An example payload is: ". This allows attackers to bypass the XSS protection and execute...

6.1CVSS6.1AI score0.0167EPSS
Exploits2References4
NVD
NVD
added 2020/03/24 10:15 p.m.24 views

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS6AI score0.01301EPSS
Exploits1References4
NVD
NVD
added 2020/03/24 10:15 p.m.16 views

CVE-2020-6802

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...

6.1CVSS6.1AI score0.01688EPSS
Exploits1References6
OSV
OSV
added 2020/03/24 10:15 p.m.26 views

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2020/03/24 10:15 p.m.30 views

CVE-2020-6802

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...

6.1CVSS5.9AI score
Exploits0References6
Prion
Prion
added 2020/03/24 10:15 p.m.28 views

Cross site scripting

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

4.3CVSS6AI score0.01301EPSS
Exploits1References4Affected Software2
Prion
Prion
added 2020/03/24 10:15 p.m.18 views

Design/Logic Flaw

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...

4.3CVSS5.9AI score0.01688EPSS
Exploits1References6Affected Software2
UbuntuCve
UbuntuCve
added 2020/03/24 10:15 p.m.30 views

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS6.9AI score0.01301EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2020/03/24 10:15 p.m.32 views

CVE-2020-6802

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...

6.1CVSS6.9AI score0.01688EPSS
Exploits1References5
OSV
OSV
added 2020/03/24 10:15 p.m.11 views

PYSEC-2020-28

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS6.8AI score0.01301EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/03/24 9:15 p.m.67 views

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS6.3AI score0.01301EPSS
Exploits1
Cvelist
Cvelist
added 2020/03/24 9:13 p.m.36 views

CVE-2020-6802

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...

6AI score0.01688EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2020/03/24 9:13 p.m.63 views

CVE-2020-6802

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...

6.1CVSS6.3AI score0.01688EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2020/03/24 3:6 p.m.76 views

Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag

Impact A mutation XSS affects users calling bleach.clean with all of: the svg or math in the allowed/whitelisted tags an RCDATA tag see below in the allowed/whitelisted tags the keyword argument strip=False Patches Users are encouraged to upgrade to bleach v3.1.2 or greater. Workarounds modify...

6.1CVSS6.3AI score0.01301EPSS
Exploits1References8Affected Software1
OpenVAS
OpenVAS
added 2020/03/21 12:0 a.m.29 views

Debian: Security Advisory (DSA-4643-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.01301EPSS
Exploits1References4
Debian
Debian
added 2020/03/20 8:3 p.m.83 views

[SECURITY] [DSA 4643-1] python-bleach security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4643-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 20, 2020 https://www.debian.org/security/faq -...

4.3CVSS1.5AI score0.01301EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2020/03/20 12:0 a.m.6 views

PT-2020-2103 · Mozilla +1 · Bleach +1

Name of the Vulnerable Software and Affected Versions: Mozilla Bleach versions prior to 3.12 Description: A mutation XSS issue affects users calling bleach.clean with specific settings, including whitelisting svg or math tags, allowing RCDATA tags, and setting the strip keyword argument to False...

9.8CVSS6.7AI score0.02195EPSS
Exploits4References50
Rows per page
Query Builder