bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-27T17:57:28
Updated: 2024-08-03T22:02:51.440Z
Reserved: 2021-03-27T00:00:00
Link: CVE-2021-29272
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-03-27T18:15:13.737
Modified: 2021-06-04T19:08:11.163
Link: CVE-2021-29272
Redhat