CyberSec.Space Logo
Back to CVE Browser

CVE-2018-7753

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1000%
EPSS Percentile10.00th
PublishedMar 7, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Bleach

= 2.1
πŸ“¦
Mozilla

Bleach

= 2.1.1
πŸ“¦
Mozilla

Bleach

= 2.1.2

References & Advisories

πŸ”— https://bugs.debian.org/892252
πŸ”— https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
πŸ”— https://github.com/mozilla/bleach/releases/tag/v2.1.3
πŸ”— https://bugs.debian.org/892252
πŸ”— https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
πŸ”— https://github.com/mozilla/bleach/releases/tag/v2.1.3

Related Vulnerabilities

CVE-2018-36507.8

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivi...

CVE-2020-68026.1

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitel...

CVE-2020-68166.1

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyw...

CVE-2018-1646210.0

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command ...