{"uuid": "e1a4d73c-e9f8-4049-9de9-8f0e3c5a6b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26870", "type": "seen", "source": "https://t.me/cibsecurity/15118", "content": "\u203c CVE-2020-26870 \u203c\n\nCure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-07T20:29:20.000000Z"}