CVE-2020-26293 - OpenCVE

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Htmlsanitizer Project	Htmlsanitizer

Configuration 1 [-]

cpe:2.3:a:htmlsanitizer_project:htmlsanitizer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/mganss/HtmlSanitizer/commit/a3a7602a44d4155d51ec0fbbedc2a49e9c7e2eb8
https://github.com/mganss/HtmlSanitizer/releases/tag/v5.0.372
https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-8j9v-h2vp-2hhv
https://www.nuget.org/packages/HtmlSanitizer/

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-01-04T18:20:14

Updated: 2024-08-04T15:56:03.977Z

Reserved: 2020-10-01T00:00:00

Link: CVE-2020-26293

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-04T19:15:14.970

Modified: 2021-01-07T20:29:08.607

Link: CVE-2020-26293

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HtmlSanitizer", "vendor": "mganss", "versions": [{"status": "affected", "version": "< 5.0.372"}]}], "descriptions": [{"lang": "en", "value": "HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-04T18:20:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-8j9v-h2vp-2hhv"}, {"tags": ["x_refsource_MISC"], "url": "https://www.nuget.org/packages/HtmlSanitizer/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mganss/HtmlSanitizer/releases/tag/v5.0.372"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mganss/HtmlSanitizer/commit/a3a7602a44d4155d51ec0fbbedc2a49e9c7e2eb8"}], "source": {"advisory": "GHSA-8j9v-h2vp-2hhv", "discovery": "UNKNOWN"}, "title": "Possible XSS bypass if style tag is allowed", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-26293", "STATE": "PUBLIC", "TITLE": "Possible XSS bypass if style tag is allowed"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HtmlSanitizer", "version": {"version_data": [{"version_value": "< 5.0.372"}]}}]}, "vendor_name": "mganss"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-8j9v-h2vp-2hhv", "refsource": "CONFIRM", "url": "https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-8j9v-h2vp-2hhv"}, {"name": "https://www.nuget.org/packages/HtmlSanitizer/", "refsource": "MISC", "url": "https://www.nuget.org/packages/HtmlSanitizer/"}, {"name": "https://github.com/mganss/HtmlSanitizer/releases/tag/v5.0.372", "refsource": "MISC", "url": "https://github.com/mganss/HtmlSanitizer/releases/tag/v5.0.372"}, {"name": "https://github.com/mganss/HtmlSanitizer/commit/a3a7602a44d4155d51ec0fbbedc2a49e9c7e2eb8", "refsource": "MISC", "url": "https://github.com/mganss/HtmlSanitizer/commit/a3a7602a44d4155d51ec0fbbedc2a49e9c7e2eb8"}]}, "source": {"advisory": "GHSA-8j9v-h2vp-2hhv", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:56:03.977Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-8j9v-h2vp-2hhv"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.nuget.org/packages/HtmlSanitizer/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mganss/HtmlSanitizer/releases/tag/v5.0.372"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mganss/HtmlSanitizer/commit/a3a7602a44d4155d51ec0fbbedc2a49e9c7e2eb8"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-26293", "datePublished": "2021-01-04T18:20:14", "dateReserved": "2020-10-01T00:00:00", "dateUpdated": "2024-08-04T15:56:03.977Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htmlsanitizer_project:htmlsanitizer:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCB9D50C-682F-4B40-96E0-D15A1BE2A02F", "versionEndExcluding": "5.0.372", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372."}, {"lang": "es", "value": "HtmlSanitizer es una biblioteca .NET para limpiar fragmentos HTML y documentos de construcciones que pueden conllevar a ataques de tipo XSS. En HtmlSanitizer versiones anteriores a 5.0.372, se presenta una posible omisi\u00f3n de XSS si la etiqueta de estilo es permitida. Si ha permitido expl\u00edcitamente la etiqueta \"(style)\", un atacante podr\u00eda crear HTML que incluya un script despu\u00e9s de pasar a trav\u00e9s del sanitizador. La configuraci\u00f3n predeterminada no permite la etiqueta \"(style)\", por lo que no existe riesgo si no ha permitido expl\u00edcitamente la etiqueta \"(style)\". El problema ha sido corregido en la versi\u00f3n 5.0.372."}], "id": "CVE-2020-26293", "lastModified": "2021-01-07T20:29:08.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-01-04T19:15:14.970", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mganss/HtmlSanitizer/commit/a3a7602a44d4155d51ec0fbbedc2a49e9c7e2eb8"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/mganss/HtmlSanitizer/releases/tag/v5.0.372"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-8j9v-h2vp-2hhv"}, {"source": "security-advisories@github.com", "tags": ["Product", "Third Party Advisory"], "url": "https://www.nuget.org/packages/HtmlSanitizer/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}