CVE-2020-26293

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-26293
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26293.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-26293
Aliases
Published
2021-01-04T19:15:14Z
Modified
2024-05-15T01:13:25.745487Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents of constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, an XSS bypass is possible if the <style> tag is allowed. If you have explicitly allowed the <style> tag, an attacker could craft HTML that still includes script after passing through the sanitizer. The default settings disallow the <style> tag, so there is no risk if you have not explicitly allowed it. The problem has been fixed in version 5.0.372.

References

Affected packages

Git / github.com/mganss/htmlsanitizer

Affected ranges

Type
GIT
Repo
https://github.com/mganss/htmlsanitizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*

v2.0

v3.*

v3.0-beta
v3.1.76
v3.1.79
v3.1.91
v3.1.93
v3.1.98
v3.2.100
v3.2.103
v3.2.105
v3.3.122-beta
v3.3.125-beta
v3.3.126-beta
v3.3.127-beta
v3.3.128-beta
v3.3.129-beta
v3.3.130-beta
v3.3.131-beta
v3.3.132-beta
v3.3.134-beta
v3.3.140-beta
v3.3.142
v3.3.143-beta
v3.3.144-beta
v3.3.145-beta
v3.3.146-beta
v3.3.147-beta
v3.3.148-beta
v3.4.152-beta
v3.4.156
v3.5.167-beta
v3.5.168-beta
v3.5.169-beta

v4.*

v4.0.179
v4.0.180
v4.0.181
v4.0.182
v4.0.183
v4.0.185
v4.0.186
v4.0.187
v4.0.188
v4.0.189
v4.0.190
v4.0.191
v4.0.192
v4.0.193
v4.0.195
v4.0.197
v4.0.198
v4.0.199
v4.0.200
v4.0.201
v4.0.202
v4.0.203
v4.0.204
v4.0.205
v4.0.207
v4.0.209
v4.0.210
v4.0.211
v4.0.212
v4.0.217
v4.0.219
v4.0.220
v4.0.222
v4.0.224
v4.0.228
v4.0.229
v4.0.230

v5.*

v5.0.214
v5.0.215
v5.0.216
v5.0.218
v5.0.233
v5.0.234
v5.0.236
v5.0.237
v5.0.239
v5.0.240
v5.0.242
v5.0.244
v5.0.245
v5.0.246
v5.0.248
v5.0.249
v5.0.250
v5.0.251
v5.0.257
v5.0.258
v5.0.260
v5.0.261
v5.0.263
v5.0.264
v5.0.266
v5.0.267
v5.0.269
v5.0.270
v5.0.272
v5.0.274
v5.0.275
v5.0.277
v5.0.278
v5.0.280
v5.0.281
v5.0.283
v5.0.284
v5.0.287
v5.0.288
v5.0.290
v5.0.291
v5.0.292
v5.0.293
v5.0.294
v5.0.296
v5.0.297
v5.0.298
v5.0.303
v5.0.304
v5.0.305
v5.0.307
v5.0.308
v5.0.310
v5.0.311
v5.0.313
v5.0.314
v5.0.316
v5.0.317
v5.0.319
v5.0.320
v5.0.322
v5.0.323
v5.0.325
v5.0.326
v5.0.328
v5.0.329
v5.0.331
v5.0.332
v5.0.341
v5.0.342
v5.0.343
v5.0.344
v5.0.346
v5.0.347
v5.0.349
v5.0.350
v5.0.352
v5.0.353
v5.0.354
v5.0.355
v5.0.358
v5.0.359
v5.0.361
v5.0.363
v5.0.364
v5.0.365
v5.0.366
v5.0.367
v5.0.368
v5.0.369
v5.0.371