CVE-2021-23980

Published: Feb 16, 2023

Modified: Mar 19, 2025

PUBLISHED

Description

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

Vendor	Product	Versions
Mozilla	Mozilla Bleach	affected `unspecified - < 3.3.0`

References

https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq

https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2021-23980

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-23980

Description

Affected Products

References