mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
888 B
888 B
CVE-2019-17001
Description
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This vulnerability affects Firefox < 70.
POC
Reference
Github
No PoCs found on GitHub currently.