CVE-2020-6816

Severity: 6.1 MEDIUM
EPSS: 0.4% (top 38.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 24; Latest update Mar 5

Description

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (4 packages)

Source      Package          Affected range
NVD         mozilla/bleach   < 3.1.2
CVEListV5   mozilla_bleach   <= 3.11
PyPI        bleach           < 3.1.2
Debian      python-bleach    < 3.1.3-1+3

Also affects: Fedora 33

Vulnerability Details (4)

OSV: CVE-2020-6816: In Mozilla Bleach before 3… (2020-03-24)
CVEList: CVE-2020-6816: In Mozilla Bleach before 3… (2020-03-24)
GHSA: Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag (2020-03-24)
OSV: Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag (2020-03-24)

Vendor Advisories (2)

Ubuntu: Bleach vulnerabilities (2026-03-05)
Debian: CVE-2020-6816: python-bleach - In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and ei… (2020)

Community (3)

Bugzilla: CVE-2020-6816 python-bleach: Mutation cross-site scripting in bleach.clean (2020-04-24)
Bugzilla: CVE-2020-6816 python-bleach: Mutation cross-site scripting in bleach.clean [fedora-all] (2020-04-24)
Bugzilla: CVE-2020-6816 python-bleach: Mutation cross-site scripting in bleach.clean [epel-all] (2020-04-24)
CVE-2020-6816 (MEDIUM CVSS 6.1) | In Mozilla Bleach before 3.12 | cvebase.io