Lucene search
K

187 matches found

OSV
OSV
added 2021/06/16 8:22 p.m.7 views

MGASA-2021-0260 Updated python-bleach packages fix a security vulnerability

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp"...

6.1CVSS6AI score0.00483EPSS
Exploits1References5
Mageia
Mageia
added 2021/06/16 8:22 p.m.68 views

Updated python-bleach packages fix a security vulnerability

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp"...

6.1CVSS1.5AI score0.00483EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/04/19 12:0 a.m.36 views

Debian DSA-4892-1 : python-bleach - security update

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when'svg' or 'math' are in the allowed tags, 'p' or 'br' are in allowed tags, 'style', 'title', 'noscript', 'script', 'textarea', 'noframes','iframe', or 'xmp' a...

6.1CVSS7.3AI score0.00483EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.21 views

Debian: Security Advisory (DSA-4892-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.00483EPSS
Exploits1References4
Debian
Debian
added 2021/04/18 2:41 p.m.67 views

[SECURITY] [DSA 4892-1] python-bleach security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq -...

2.3AI score0.00483EPSS
Exploits1
Debian
Debian
added 2021/04/18 2:41 p.m.117 views

[SECURITY] [DSA 4892-1] python-bleach security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq -...

6.1CVSS6.2AI score0.00483EPSS
Exploits1
OSV
OSV
added 2021/04/18 12:0 a.m.45 views

DSA-4892-1 python-bleach - security update

Bulletin has no description...

6.1CVSS6.3AI score0.00483EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2021/04/18 12:0 a.m.46 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0571-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

6.1CVSS7.3AI score0.01301EPSS
Exploits3References3
OSV
OSV
added 2021/04/17 10:5 p.m.10 views

OPENSUSE-SU-2021:0571-1 Security update for python-bleach

This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...

7.5CVSS6.8AI score0.01301EPSS
Exploits3References7
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.24 views

openSUSE: Security Advisory for python-bleach (openSUSE-SU-2021:0552-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.7AI score0.01301EPSS
Exploits3References2
OSV
OSV
added 2021/04/14 2:51 p.m.9 views

OPENSUSE-SU-2021:0552-1 Security update for python-bleach

This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...

7.5CVSS6.8AI score0.01301EPSS
Exploits3References7
OPENSUSE Linux
OPENSUSE Linux
added 2021/04/14 12:0 a.m.50 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0552-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

6.1CVSS7.3AI score0.01301EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2021/04/07 12:0 a.m.40 views

Debian: Security Advisory (DLA-2620-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.00483EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2021/04/07 12:0 a.m.33 views

Debian DLA-2620-1 : python-bleach security update

It was discovered that there was a cross-site scripting XSS vulnerability in python-bleach, a whitelist-based HTML sanitisation library. For Debian 9 'Stretch', this problem has been fixed in version 2.0-1+deb9u1. We recommend that you upgrade your python-bleach packages. For the detailed securit...

6.1CVSS7AI score0.00483EPSS
Exploits1References4
Debian
Debian
added 2021/04/06 12:22 p.m.48 views

[SECURITY] [DLA 2620-1] python-bleach security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2620-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 06, 2021 https://wiki.debian.org/LTS -...

6.1CVSS6.1AI score0.00483EPSS
Exploits1
OSV
OSV
added 2021/04/06 12:0 a.m.33 views

DLA-2620-1 python-bleach - security update

Bulletin has no description...

6.1CVSS6.3AI score0.00483EPSS
Exploits1
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

Python Bleach 跨站脚本漏洞

Python Bleach is a Python based HTML cleanup library. Python Bleach suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code in the context of a website...

6.1CVSS7.4AI score0.00483EPSS
Exploits1References8
Veracode
Veracode
added 2021/03/31 5:50 a.m.6 views

Cross-site Scripting

bleach is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute malicious script by calling bleach.clean with all of 1 svg or math in the allowed tags 2 p or br in allowed tags 3style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags 4the...

6.1CVSS6AI score0.00483EPSS
Exploits1References6Affected Software3
RedHat Linux
RedHat Linux
added 2021/03/09 4:10 p.m.30 views

python-bleach: Mutation cross-site scripting in bleach.clean

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS5.8AI score0.00483EPSS
Exploits1References5
Veracode
Veracode
added 2021/02/03 1:4 p.m.11 views

Cross-Site Scripting (XSS)

bleach is vulnerable to cross-site scripting XSS. Invocation of bleach.clean method with all of the allowed tags svg or math, p or br, style, title, noscript, script, textarea, noframes, iframe, or xmp and the keyword argument stripcomments=False will allow. the browser to mutate a harmless conte...

1.1AI score
Exploits0
Rows per page
Query Builder