CVE-2020-6802: mutation XSS in bleach.clean when noscript and raw tag whitelisted

In Mozilla Bleach before 3.1.1, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

Impact

A mutation XSS affects users calling bleach.clean with noscript and a raw tag (see below) in the allowed/whitelisted tags option.

Patches

v3.1.1

Workarounds

  • Modify bleach.clean calls so they do not whitelist noscript together with one or more of the following raw tags:

    title textarea script style noembed noframes iframe xmp

  • A strong Content-Security-Policy (without unsafe-inline and unsafe-eval script-srcs) will also help mitigate the risk.
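
One way to find affected call sites when applying the first workaround, as an added example that is not part of the advisory or the Bleach project: a static check built on Python's ast module that flags bleach.clean calls whose allow-list contains noscript together with any of the raw tags listed above. It assumes the module is imported under the name bleach and that tags is passed as a literal or a module-level constant; the function names and the sample source are constructed for illustration.

```python
import ast

# Raw tags listed in the advisory; they matter only when noscript is also allowed.
RAW_TAGS = {"title", "textarea", "script", "style", "noembed", "noframes", "iframe", "xmp"}

SAMPLE = '''# Constructed sample application code, not taken from the advisory.
import bleach
ALLOWED = ["p", "noscript", "style"]
a = bleach.clean(html, tags=ALLOWED)
b = bleach.clean(html, ["b", "noscript"])
c = bleach.clean(html, tags=["title", "iframe"])
d = bleach.clean(html, tags={"noscript", "textarea", "xmp"})
'''

def risky_raw_tags(tags):
    """Raw tags allowed together with noscript; empty set if the list is unaffected."""
    allowed = {t.lower() for t in tags}
    return allowed & RAW_TAGS if "noscript" in allowed else set()

def _literal_tags(node, constants):
    """Resolve a tags argument to a list of str, or None if it is not a literal."""
    if isinstance(node, ast.Name):
        node = constants.get(node.id)
    try:
        value = ast.literal_eval(node) if node is not None else None
    except (ValueError, TypeError, SyntaxError):
        return None  # built dynamically: review by hand
    ok = isinstance(value, (list, tuple, set)) and all(isinstance(v, str) for v in value)
    return list(value) if ok else None

def audit_source(source):
    """Return [(lineno, raw_tags)] for bleach.clean calls with an affected allow-list."""
    tree = ast.parse(source)
    # Module-level NAME = <literal> assignments, so tags=ALLOWED can be resolved.
    constants = {t.id: n.value for n in tree.body if isinstance(n, ast.Assign)
                 for t in n.targets if isinstance(t, ast.Name)}
    findings = []
    for node in ast.walk(tree):
        func = node.func if isinstance(node, ast.Call) else None
        if not (isinstance(func, ast.Attribute) and func.attr == "clean"
                and isinstance(func.value, ast.Name) and func.value.id == "bleach"):
            continue
        # tags is the tags= keyword or the second positional argument of bleach.clean.
        arg = next((k.value for k in node.keywords if k.arg == "tags"), None)
        if arg is None and len(node.args) > 1:
            arg = node.args[1]
        hits = risky_raw_tags(_literal_tags(arg, constants) or [])
        if hits:
            findings.append((node.lineno, sorted(hits)))
    return sorted(findings)
```

Calls whose tags argument is computed at run time are not resolved by this check and still need manual review.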

References

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1615315
  • https://cure53.de/fp170.pdf
  • https://nvd.nist.gov/vuln/detail/CVE-2020-6802
  • https://www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach

Credits

  • Reported by Yaniv Nizry from the CxSCA AppSec group at Checkmarx

For more information

If you have any questions or comments about this advisory:

  • Open an issue at https://github.com/mozilla/bleach/issues
  • Email us at security@mozilla.org
