A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2023-02-16T00:00:00

Updated: 2024-08-03T19:14:09.990Z

Reserved: 2021-01-13T00:00:00

Link: CVE-2021-23980

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-02-16T22:15:10.713

Modified: 2023-02-27T15:19:38.357

Link: CVE-2021-23980

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-02-02T00:00:00Z

Links: CVE-2021-23980 - Bugzilla