Mozilla Bleach CVE-2020-6802 Vulnerability in Mozilla and Other Products
Published on March 24, 2020

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.



Vulnerable Packages

The following package name and versions may be associated with CVE-2020-6802.

Package Manager | Vulnerable Package | Versions | Fixed In
pip | bleach | < 3.1.1 | 3.1.1

Exploit Probability

EPSS: 0.23%
Percentile: 45.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.