CVE-2018-7753

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:bleach:2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bleach:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:bleach:2.1.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-07 23:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-7753

Mitre link : CVE-2018-7753

CVE.ORG link : CVE-2018-7753


JSON object : View

Products Affected

mozilla

  • bleach
CWE
CWE-20

Improper Input Validation