Vulnerabilities > Mozilla > Bleach > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2021-23980 Cross-site Scripting vulnerability in Mozilla Bleach
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
network
low complexity
mozilla CWE-79
6.1
2020-03-24 CVE-2020-6816 Cross-site Scripting vulnerability in multiple products
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
network
low complexity
mozilla fedoraproject CWE-79
6.1
2020-03-24 CVE-2020-6802 Cross-site Scripting vulnerability in multiple products
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
network
low complexity
mozilla fedoraproject CWE-79
6.1