CVE-2020-26870

MEDIUM EPSS 90.3%
Published Oct 7, 2020 (5y ago) · Modified Jun 17, 2026 (2w ago)
6.1 CVSS 3.1
Medium

Description

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

CVSS Details

Base Score: 6.1
Exploitability: 2.8
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 90.3% percentile
Exploit & Patch Status: Public Exploit Known; Patch Available

Weaknesses (1)

CWE-79: Cross-site Scripting Injection

Affected Products (8)

Vendor      Product               Version   Range
cure53      dompurify             *         <2.0.17
debian      debian_linux          9.0       any
microsoft   visual_studio_2017    15.9      any
microsoft   visual_studio_2019    16.0      any
microsoft   visual_studio_2019    16.4      any
microsoft   visual_studio_2019    16.7      any
microsoft   visual_studio_2019    16.8      any
oracle      application_express   *         <21.1.0.00.01

References (6)

  • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
    (Patch, Third Party Advisory)
  • https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17
    (Patch, Third Party Advisory)
  • https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html
    (Mailing List, Third Party Advisory)
  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870
    (Patch, Vendor Advisory)
  • https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
    (Exploit, Third Party Advisory)
  • https://www.oracle.com//security-alerts/cpujul2021.html
    (Patch, Third Party Advisory)

Remediation

  • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
    (Patch, Third Party Advisory)
  • https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17
    (Patch, Third Party Advisory)
  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870
    (Patch, Vendor Advisory)
  • https://www.oracle.com//security-alerts/cpujul2021.html
    (Patch, Third Party Advisory)