CVE-2020-6798 — Cross-site Scripting in Mozilla Firefox
Severity
6.1MEDIUMNVD
OSV8.8OSV6.5
EPSS
1.6%
top 17.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 2
Latest updateMay 24
Description
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 6…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages7 packages
🔴Vulnerability Details
5GHSA▶
GHSA-qwm2-p76q-cw3g: If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed↗2022-05-24
OSV▶
CVE-2020-6798: If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed↗2020-03-02
CVEList▶
CVE-2020-6798: If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed↗2020-03-02
📋Vendor Advisories
9💬Community
1Bugzilla▶
CVE-2020-6798 Mozilla: Incorrect parsing of template tag could result in JavaScript injection↗2020-02-11