CVE-2020-6802 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-6802 Interim 1 19 2025-11-05T02:47:14Z current 2021-05-30T14:37:12Z 2025-11-05T02:47:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-6802 In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/42YYAZLSUO2H6HI5G3EGIRCDDAHTGJGK/ E-Mail link for openSUSE-SU-2020:0308-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FWUX2BHDV6ER4EK7BZ3BABNQIAP7B2N2/ E-Mail link for openSUSE-SU-2020:0325-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Python 3 15 SP6 SUSE Package Hub 15 SP1 openSUSE Leap 15.1 openSUSE Tumbleweed python2-bleach-3.1.1-bp151.4.4.1 python2-bleach-3.1.1-lp151.3.6.1 python3-bleach-3.1.1-bp151.4.4.1 python3-bleach-3.1.1-lp151.3.6.1 python310-bleach-6.1.0-1.5 python311-bleach-6.0.0-150400.9.3.1 python311-bleach-6.1.0-1.5 python312-bleach-6.1.0-1.5 python313-bleach-6.2.0-160000.2.2 python36-bleach-3.3.0-1.4 python38-bleach-3.3.0-1.4 python39-bleach-3.3.0-1.4 weblate-4.8.1-1.1 weblate-doc-4.8.1-1.1 python311-bleach-6.0.0-150400.9.3.1 as a component of SUSE Linux Enterprise Module for Python 3 15 SP6 python313-bleach-6.2.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python2-bleach-3.1.1-bp151.4.4.1 as a component of SUSE Package Hub 15 SP1 python3-bleach-3.1.1-bp151.4.4.1 as a component of SUSE Package Hub 15 SP1 python2-bleach-3.1.1-lp151.3.6.1 as a component of openSUSE Leap 15.1 python3-bleach-3.1.1-lp151.3.6.1 as a component of openSUSE Leap 15.1 python310-bleach-6.1.0-1.5 as a component of openSUSE Tumbleweed python311-bleach-6.1.0-1.5 as a component of openSUSE Tumbleweed python312-bleach-6.1.0-1.5 as a component of openSUSE Tumbleweed python36-bleach-3.3.0-1.4 as a component of openSUSE Tumbleweed python38-bleach-3.3.0-1.4 as a component of openSUSE Tumbleweed python39-bleach-3.3.0-1.4 as a component of openSUSE Tumbleweed weblate-4.8.1-1.1 as a component of openSUSE Tumbleweed weblate-doc-4.8.1-1.1 as a component of openSUSE Tumbleweed In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. CVE-2020-6802 SUSE Linux Enterprise Module for Python 3 15 SP6:python311-bleach-6.0.0-150400.9.3.1 SUSE Linux Enterprise Server 16.0:python313-bleach-6.2.0-160000.2.2 SUSE Package Hub 15 SP1:python2-bleach-3.1.1-bp151.4.4.1 SUSE Package Hub 15 SP1:python3-bleach-3.1.1-bp151.4.4.1 openSUSE Leap 15.1:python2-bleach-3.1.1-lp151.3.6.1 openSUSE Leap 15.1:python3-bleach-3.1.1-lp151.3.6.1 openSUSE Tumbleweed:python310-bleach-6.1.0-1.5 openSUSE Tumbleweed:python311-bleach-6.1.0-1.5 openSUSE Tumbleweed:python312-bleach-6.1.0-1.5 openSUSE Tumbleweed:python36-bleach-3.3.0-1.4 openSUSE Tumbleweed:python38-bleach-3.3.0-1.4 openSUSE Tumbleweed:python39-bleach-3.3.0-1.4 openSUSE Tumbleweed:weblate-4.8.1-1.1 openSUSE Tumbleweed:weblate-doc-4.8.1-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N