Download
| Alert*
oval:org.secpod.oval:def:1801687
A mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. Affected Versions: py-bleach <=3.1.0 oval:org.secpod.oval:def:118135 Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list. oval:org.secpod.oval:def:604766 It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "noscript" and one or more raw text tags were whitelisted. oval:org.secpod.oval:def:69807 It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "noscript" and one or more raw text tags were whitelisted. |