CVE-2020-26870
Published: 2020-10-07

Severity: Medium 6.1 (CVSS 3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ammonia_project | ammonia | < 3.1.0 | 3.1.0 |
| ammonia_project | ammonia | >= 0 < 2.1.3 | 2.1.3 |
| ammonia_project | ammonia | >= 3.0.0 < 3.1.0 | 3.1.0 |
| cure53 | dompurify | < 2.0.17 | 2.0.17 |
| cure53 | dompurify | >= 0 < 2.0.17 | 2.0.17 |
| debian | debian_linux | — | — |
| debian | rust-ammonia | < rust-ammonia 3.1.2-1 (bookworm) | rust-ammonia 3.1.2-1 (bookworm) |
| github.com | gotify_server | >= 0 < 2.2.3 | 2.2.3 |
| marktext | marktext | <= 0.16.2 | — |
| microsoft | visual_studio_2017 | — | — |
| microsoft | visual_studio_2019 | — | — |
| microsoft | visual_studio_2019 | — | — |
| microsoft | visual_studio_2019 | — | — |
| microsoft | visual_studio_2019 | — | — |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.0 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.4 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.7 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.8 | — | — |
| oracle | application_express | < 21.1.0.00.01 | 21.1.0.00.01 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| ghsa | — | 6.1 | MEDIUM | — |
| osv | — | 6.1 | MEDIUM | — |