CVE-2020-26870

Description

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

Risk Information

Base Score: 6.9 (MODERATE)
Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score (Exploitation Probability): 0.417

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Microsoft Visual Studio Community 2017 15.9 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Community 2019 16.0 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Community 2019 16.4 | Windows
Vulnerabilities CVE-2020-26870, CVE-2021-27064, CVE-2021-36952, CVE-2021-43877 are affected in Microsoft Visual Studio Community 2019 16.7 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Community 2019 16.8 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Enterprise 2017 15.9 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Enterprise 2019 16.0 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Enterprise 2019 16.4 | Windows
Vulnerabilities CVE-2020-26870, CVE-2021-27064, CVE-2021-36952, CVE-2021-43877 are affected in Microsoft Visual Studio Enterprise 2019 16.7 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Enterprise 2019 16.8 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Professional 2017 15.9 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Professional 2019 16.0 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Professional 2019 16.4 | Windows
Vulnerabilities CVE-2020-26870, CVE-2021-27064, CVE-2021-36952, CVE-2021-43877 are affected in Microsoft Visual Studio Professional 2019 16.7 | Windows
Multiple Vulnerabilities are affected in Microsoft Visual Studio Professional 2019 16.8 | Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234