1. Home
  2. Vulnerabilities
  3. CVE-2019-11720

CVE-2019-11720

CVSS v3.1 6.1 (Medium)
61% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.52 % (77th)
0.52% Progress
Affected Products 2
Advisories 13
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2019-07-23 14:15:16
(5 years ago)
Updated Date
2023-03-02 16:23:07
(18 months ago)

Affected Products

Mozilla

Opensuse

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 68.0 version cpe:2.3:a:mozilla:firefox < 68.0

Configuration #2

    CPE23 From Up To
  Opensuse Leap 15.0 cpe:2.3:o:opensuse:leap:15.0
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1