Required CVE Record Information
Description
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
References 6 Total
- https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
- lists.fedoraproject.org: FEDORA-2020-827b677e15 vendor-advisory
- lists.fedoraproject.org: FEDORA-2020-e1fa96c506 vendor-advisory
- lists.fedoraproject.org: FEDORA-2020-e9c8bdd1e3 vendor-advisory
- https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach
- https://advisory.checkmarx.net/advisory/CX-2020-4276
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r x_transferred
- lists.fedoraproject.org: FEDORA-2020-827b677e15 vendor-advisory x_transferred
- lists.fedoraproject.org: FEDORA-2020-e1fa96c506 vendor-advisory x_transferred
- lists.fedoraproject.org: FEDORA-2020-e9c8bdd1e3 vendor-advisory x_transferred
- https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach x_transferred
- https://advisory.checkmarx.net/advisory/CX-2020-4276 x_transferred