cve/CVE-2020-26870.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

POC

Reference

02724b8eb0
02724b8eb0
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com//security-alerts/cpujul2021.html

Github

https://github.com/deepakdba/cve_checklist
https://github.com/radtek/cve_checklist

1005 B Raw Blame History

CVE-2020-26870

Description

POC

Reference

Github

1005 B

Raw Blame History