CVE-2021-23980
CVE-2021-23980 affects the python-bleach library. A mutation XSS can occur when bleach.clean is called with any of the tags svg or math, and also with allowed tags including p or br, plus style, title, noscript, script, textarea, noframes, iframe, or xmp, and with strip_comments=False. Note that ...
CVE-2020-6816
CVE-2020-6816 affects Mozilla Bleach. A mutation XSS in bleach.clean occurs when RCDATA and either svg or math are whitelisted and strip=False, allowing a remote attacker to inject script into a Web page viewed by victims. Affected: Bleach versions prior to 3.12. Remediation: upgrade to bleach 3....
CVE-2020-6802
Mozilla Bleach prior to 3.11 is vulnerable to mutation XSS via bleach.clean when noscript and a raw tag are allowed/whitelisted. A remote attacker could inject script into a page viewed in a browser (impact: carry out client-side script execution). Remediation observed in multiple sources shows u...
CVE-2018-7753
Bleach 2.1.x before 2.1.3 contains a URI sanitization flaw: attributes with URI values that include character entities could bypass the allowed-scheme check, allowing a disallowed scheme to pass through unsanitized. Affected: Bleach 2.1.x (prior to 2.1.3). Impact noted across multiple advisories ...
CVE-2020-6817
CVE-2020-6817 affects the python-bleach library: bleach.clean parsing of style attributes can trigger a ReDoS when an allowed tag and an allowed style attribute are present (e.g., attributes={'a': ['style']}). The vulnerability is tied to the handling of style attributes in the white-list sanitiz...