Lucene search
PRIOn knowledge basePRION:CVE-2020-26870HistoryOct 07, 2020 - 4:15 p.m.
Session fixation
2020-10-0716:15:00
PRIOn knowledge base
www.prio-n.com
6
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
References
github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
github.com/cure53/DOMPurify/compare/2.0.16...2.0.17
lists.debian.org/debian-lts-announce/2020/10/msg00029.html
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870
research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
www.oracle.com//security-alerts/cpujul2021.html
Related
osv
osv
CVE-2020-26870
2020-10-07 16:15:18
Server side request forgery in SwaggerUI
2021-12-09 19:08:38
Cross-site Scripting in dompurify
2020-12-18 22:51:40
debiancve
debiancve
CVE-2020-26870
2020-10-07 16:15:00
CVE-2021-38193
2021-08-08 06:15:09
veracode
veracode
Cross-Site Scripting (XSS)
2020-10-08 06:06:52
nvd
nvd
cve
cve
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2020-26870
2020-10-07 00:00:00
CVE-2021-38193
2021-08-08 00:00:00
mscve
mscve
Visual Studio Remote Code Execution Vulnerability
2021-01-12 08:00:00
nodejs
nodejs
Cross-Site Scripting
2020-12-18 22:54:16
github
github
Cross-site Scripting in dompurify
2020-12-18 22:51:40
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
2023-01-10 22:48:43
Server side request forgery in SwaggerUI
2021-12-09 19:08:38
prion
prion
Design/Logic Flaw
2021-08-08 06:15:00
Design/Logic Flaw
2020-10-16 05:15:00
openvas
openvas
Debian: Security Advisory (DLA-2419-1)
2020-10-30 00:00:00
debian
debian
[SECURITY] [DLA 2419-1] dompurify.js security update
2020-10-29 16:03:08
nessus
nessus
Debian DLA-2419-1 : dompurify.js security update
2020-10-30 00:00:00
Security Updates for Microsoft Visual Studio Products (January 2021)
2021-01-14 00:00:00
Dell Wyse Management Suite < 4.0 Multiple Vulnerabilities (DSA-2022-329)
2022-12-19 00:00:00
ibm
ibm
kaspersky
kaspersky
KLA12040 Multiple vulnerability in Microsoft Developer Tools
2021-01-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2021
2021-01-12 23:59:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00