CVE-2020-6802: Cross-site Scripting
(updated )
In Mozilla Bleach, a mutation XSS affects users calling bleach.clean with noscript.
References
- advisory.checkmarx.net/advisory/CX-2020-4276
- bugzilla.mozilla.org/show_bug.cgi?id=1615315
- cure53.de/fp170.pdf
- github.com/advisories/GHSA-q65m-pv3f-wr5r
- github.com/mozilla/bleach
- github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
- github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
- github.com/pypa/advisory-database/tree/main/vulns/bleach/PYSEC-2020-27.yaml
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/72R4VFFHDRSQMNT7IZU3X2755ZP4HGNI
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCNLM2MGQTOLCIVVYS2Z5S7KOQJR5JC4
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTULPQB7HVPPYWEYVNHJGDTSPVIDHIZX
- nvd.nist.gov/vuln/detail/CVE-2020-6802
- www.checkmarx.com/blog/vulnerabilities-discovered-in-mozilla-bleach
Detect and mitigate CVE-2020-6802 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →