返回 CVE 浏览器

CVE-2020-6802

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1290%

EPSS Percentile34.62th

Published2020年3月24日

Last Modified2024年11月21日

Vulnerability Description

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

Affected Platforms (CPE)

📦

Mozilla

Bleach

< 3.1.1

💻

Fedoraproject

Fedora

= 30

💻

Fedoraproject

Fedora

= 31

💻

Fedoraproject

Fedora

= 32

References & Advisories

🔗 https://advisory.checkmarx.net/advisory/CX-2020-4276

🔗 https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/72R4VFFHDRSQMNT7IZU3X2755ZP4HGNI/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCNLM2MGQTOLCIVVYS2Z5S7KOQJR5JC4/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTULPQB7HVPPYWEYVNHJGDTSPVIDHIZX/

🔗 https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach

🔗 https://advisory.checkmarx.net/advisory/CX-2020-4276

🔗 https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r

相关漏洞威胁

CVE-2018-77539.8

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values con...

CVE-2018-36507.8

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivi...

CVE-2020-68166.1

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyw...

CVE-2020-636410.0

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to m...