Security Advisory

CVE-2021-23980

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-16 00:00:00

Last updated 2025-03-19 15:18:23

Assigner mozilla

State PUBLISHED

Description

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

← Browse all CVEs View on cve.org ↗