CyberSec.Space Logo
Back to CVE Browser

CVE-2020-6802

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile34.62th
PublishedMar 24, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Bleach

< 3.1.1
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Fedoraproject

Fedora

= 31
πŸ’»
Fedoraproject

Fedora

= 32

References & Advisories

πŸ”— https://advisory.checkmarx.net/advisory/CX-2020-4276
πŸ”— https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72R4VFFHDRSQMNT7IZU3X2755ZP4HGNI/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCNLM2MGQTOLCIVVYS2Z5S7KOQJR5JC4/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTULPQB7HVPPYWEYVNHJGDTSPVIDHIZX/
πŸ”— https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach
πŸ”— https://advisory.checkmarx.net/advisory/CX-2020-4276
πŸ”— https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r

Related Vulnerabilities

CVE-2018-77539.8

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values con...

CVE-2018-36507.8

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivi...

CVE-2020-68166.1

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyw...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...