---

CVE-2021-23974 - log back

CVE-2021-23974 edited at 23 Feb 2021 18:52:24
Remote	- Local + Remote

CVE-2021-23974 edited at 23 Feb 2021 18:50:25
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Cross-site scripting
Description	+ A security issue was found in Firefox before version 86.0. The DOMParser API did not properly process <noscript> elements for escaping. This could be used as a mutation cross-site scripting (mXSS) vector to bypass an HTML Sanitizer.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974 + https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627
Notes

CVE-2021-23974 created at 23 Feb 2021 18:42:31