Lucene search
MozillaBleach

5 matches found

CVE
added 2023/02/16 12:0 a.m. | 202 views

CVE-2021-23980

CVE-2021-23980 affects the python-bleach library. A mutation XSS can occur when bleach.clean is called with any of the tags svg or math, and also with allowed tags including p or br, plus style, title, noscript, script, textarea, noframes, iframe, or xmp, and with strip_comments=False. Note that ...

CVSS 6.1 | AI score 5.7 | EPSS 0.00483
CVE
added 2020/03/24 9:15 p.m. | 194 views

CVE-2020-6816

CVE-2020-6816 affects Mozilla Bleach. A mutation XSS in bleach.clean occurs when RCDATA and either svg or math are whitelisted and strip=False, allowing a remote attacker to inject script into a Web page viewed by victims. Affected: Bleach versions prior to 3.12. Remediation: upgrade to bleach 3....

CVSS 6.1 | AI score 5.9 | EPSS 0.01301
CVE
added 2020/03/24 9:13 p.m. | 190 views

CVE-2020-6802

Mozilla Bleach prior to 3.11 is vulnerable to mutation XSS via bleach.clean when noscript and a raw tag are allowed/whitelisted. A remote attacker could inject script into a page viewed in a browser (impact: carry out client-side script execution). Remediation observed in multiple sources shows u...

CVSS 6.1 | AI score 5.9 | EPSS 0.01688
CVE
added 2018/03/07 11:0 p.m. | 158 views

CVE-2018-7753

Bleach 2.1.x before 2.1.3 contains a URI sanitization flaw: attributes with URI values that include character entities could bypass the allowed-scheme check, allowing a disallowed scheme to pass through unsanitized. Affected: Bleach 2.1.x (prior to 2.1.3). Impact noted across multiple advisories ...

CVSS 9.8 | AI score 9.1 | EPSS 0.02229
CVE
added 2023/02/16 12:0 a.m. | 100 views

CVE-2020-6817

CVE-2020-6817 affects the python-bleach library: bleach.clean parsing of style attributes can trigger a ReDoS when an allowed tag and an allowed style attribute are present (e.g., attributes={'a': ['style']}). The vulnerability is tied to the handling of style attributes in the white-list sanitiz...

CVSS 7.5 | AI score 6.3 | EPSS 0.00718