CyberSec.Space Logo
Back to CVE Browser

CVE-2020-6816

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1380%
EPSS Percentile33.23th
PublishedMar 24, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Bleach

< 3.1.2
πŸ’»
Fedoraproject

Fedora

= 33

References & Advisories

πŸ”— https://advisory.checkmarx.net/advisory/CX-2020-4277
πŸ”— https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EDQU2SZLZMSSACCBUBJ6NOSRNNBDYFW5/
πŸ”— https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach
πŸ”— https://advisory.checkmarx.net/advisory/CX-2020-4277
πŸ”— https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EDQU2SZLZMSSACCBUBJ6NOSRNNBDYFW5/
πŸ”— https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach

Related Vulnerabilities

CVE-2018-77539.8

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values con...

CVE-2018-36507.8

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivi...

CVE-2020-68026.1

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitel...

CVE-2020-676910.0

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker ...