A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2023-02-16T00:00:00
Updated: 2024-08-03T19:14:09.990Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-23980
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-02-16T22:15:10.713
Modified: 2023-02-27T15:19:38.357
Link: CVE-2021-23980
Redhat