85 matches found
CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...
UBUNTU-CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...
CVE-2020-26870
Removed by vendor...
GHSA-CHQJ-J4FH-RW7M Cross-Site Scripting in dompurify
Versions of dompurify prior to 2.0.3 are vulnerable to Cross-Site Scripting XSS. The package has an XSS filter bypass due to Mutation XSS in both Chrome and Safari through a combination of / elements and /. An example payload is: ". This allows attackers to bypass the XSS protection and execute...
CVE-2020-6816
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...
CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
CVE-2020-6816
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...
CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
Cross site scripting
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...
Design/Logic Flaw
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
CVE-2020-6816
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...
CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
PYSEC-2020-28
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...
CVE-2020-6816
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...
CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag
Impact A mutation XSS affects users calling bleach.clean with all of: the svg or math in the allowed/whitelisted tags an RCDATA tag see below in the allowed/whitelisted tags the keyword argument strip=False Patches Users are encouraged to upgrade to bleach v3.1.2 or greater. Workarounds modify...
Debian: Security Advisory (DSA-4643-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4643-1] python-bleach security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4643-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 20, 2020 https://www.debian.org/security/faq -...
PT-2020-2103 · Mozilla +1 · Bleach +1
Name of the Vulnerable Software and Affected Versions: Mozilla Bleach versions prior to 3.12 Description: A mutation XSS issue affects users calling bleach.clean with specific settings, including whitelisting svg or math tags, allowing RCDATA tags, and setting the strip keyword argument to False...