CVE-2018-7753

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:bleach:2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bleach:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bleach:2.1.1:*:*:*:*:*:*:*

Information

Published : 2018-03-07 15:29

Updated : 2018-03-29 06:50


NVD link : CVE-2018-7753

Mitre link : CVE-2018-7753


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

mozilla

  • bleach