XSS vulnerability by breaking out of title and textarea elements using innerHTML - CVE-2019-11744ID: oval:org.secpod.oval:def:58327 | Date: (C)2019-10-11 (M)2024-04-17 |
Class: VULNERABILITY | Family: windows |
Mozilla Firefox 69, Mozilla Firefox ESR 68.1 and Mozilla Thunderbird 68.1 : Some HTML elements, such as
and
, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML
on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows Server 2003 |
Microsoft Windows 8 |
Microsoft Windows XP |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows 10 |
Product: |
Mozilla Firefox |
Mozilla Firefox ESR |
Mozilla Thunderbird |