Skip to main content

Bleach

3 CVEs product

Monthly

CVE-2020-6816 PyPI MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-6802 PyPI MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2018-7753 PyPI CRITICAL PATCH Act Now

An issue was discovered in Bleach 2.1.x before 2.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bleach
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mozilla Bleach +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Bleach 2.1.x before 2.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bleach
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy