Lucene search
K

15 matches found

Cvelist
Cvelist
added 2023/02/16 12:0 a.m.44 views

CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.2AI score0.00483EPSS
Exploits1References2
CVE
CVE
added 2023/02/16 12:0 a.m.206 views

CVE-2021-23980

CVE-2021-23980 affects the python-bleach library. A mutation XSS can occur when bleach.clean is called with any of the tags svg or math, and also with allowed tags including p or br, plus style, title, noscript, script, textarea, noframes, iframe, or xmp, and with strip_comments=False. Note that ...

6.1CVSS5.7AI score0.00483EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/16 12:0 a.m.11 views

CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

5.9AI score0.00483EPSS
Exploits1References2
OSV
OSV
added 2022/08/26 11:4 a.m.5 views

OESA-2022-1861 python-bleach security update

Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list. Security Fixes: No description is available for this CVE.CVE-2021-23980...

6.1CVSS6.9AI score0.00483EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.30 views

Mageia: Security Advisory (MGASA-2021-0260)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.00483EPSS
Exploits1References6
Mageia
Mageia
added 2021/06/16 8:22 p.m.68 views

Updated python-bleach packages fix a security vulnerability

It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp"...

6.1CVSS1.5AI score0.00483EPSS
Exploits1References4
Debian
Debian
added 2021/04/18 2:41 p.m.67 views

[SECURITY] [DSA 4892-1] python-bleach security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq -...

2.3AI score0.00483EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2021/04/18 12:0 a.m.46 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0571-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

6.1CVSS7.3AI score0.01301EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.24 views

openSUSE: Security Advisory for python-bleach (openSUSE-SU-2021:0552-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.7AI score0.01301EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.33 views

openSUSE Security Update : python-bleach (openSUSE-2021-552)

This update for python-bleach fixes the following issues : - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5 : - replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...

7.5CVSS6.9AI score0.01301EPSS
Exploits3References6
OSV
OSV
added 2021/04/14 2:51 p.m.9 views

OPENSUSE-SU-2021:0552-1 Security update for python-bleach

This update for python-bleach fixes the following issues: - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5: replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...

7.5CVSS6.8AI score0.01301EPSS
Exploits3References7
OPENSUSE Linux
OPENSUSE Linux
added 2021/04/14 12:0 a.m.50 views

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0552-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

6.1CVSS7.3AI score0.01301EPSS
Exploits3References3
vulnersOsv
vulnersOsv
added 2021/02/02 5:58 p.m.5 views

abracadabra (>=0.0.0 <=0.0.5), adversarial-labeller (=0.1.8) +210 more potentially affected by CVE-2021-23980 via bleach (>=1.2.2 <=3.2.3)

bleach PYPI version =1.2.2, =0.0.0, =1.0.0, =0.0.1, =1.10.0, =0.1.0, =0.0.6, =0.3.0, =0.0.9, =0.3.4, =0.0.5, =0.1.0rc1, =0.1.3, =1.0.0 and more Source cves: CVE-2021-23980 Source advisory: OSV:GHSA-VV2X-VRPJ-QQPQ...

6.1CVSS6.8AI score0.00483EPSS
Exploits1
OSV
OSV
added 2021/02/02 5:58 p.m.42 views

GHSA-VV2X-VRPJ-QQPQ Cross-site scripting in Bleach

Impact A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default...

6.9CVSS6.3AI score0.00483EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2021/02/02 5:58 p.m.63 views

Cross-site scripting in Bleach

Impact A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default...

6.1CVSS6.2AI score0.00483EPSS
Exploits1References11Affected Software1
Rows per page
Query Builder