CVE-2020-6802

CWE-79 — Cross-site Scripting (XSS)11 documents7 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 49.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bleach Fedoraproject Fedora

Timeline

PublishedMar 24

Latest updateMar 5

Description

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDmozilla/bleach< 3.1.1

▶CVEListV5mozilla_bleach<=3.10

▶PyPIbleach< 3.1.1

▶Debianpython-bleach< 3.1.1-1+3

Also affects: Fedora 30, 31, 32

🔴Vulnerability Details

OSV

python-bleach vulnerabilities↗2026-03-05

▶

OSV

CVE-2020-6802: In Mozilla Bleach before 3↗2020-03-24

▶

CVEList

CVE-2020-6802: In Mozilla Bleach before 3↗2020-03-24

▶

OSV

XSS in Bleach when noscript and raw tag whitelisted↗2020-02-24

▶

GHSA

XSS in Bleach when noscript and raw tag whitelisted↗2020-02-24

▶

📋Vendor Advisories

Ubuntu

Bleach vulnerabilities↗2026-03-05

▶

Debian

CVE-2020-6802: python-bleach - In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean...↗2020

▶

💬Community

Bugzilla

CVE-2020-6802 python-bleach: mutation XSS vulnerability↗2020-04-21

▶

Bugzilla

CVE-2020-6802 python-bleach: mutation XSS vulnerability [epel-all]↗2020-04-21

▶

Bugzilla

CVE-2020-6802 python-bleach: mutation XSS vulnerability [fedora-all]↗2020-04-21

▶