Описание
Visual Studio Remote Code Execution Vulnerability
FAQ
Why is a CVE that was issued by the MITRE Corporation in the Security Update Guide?
CVE-2020-26870 documents a vulnerability in Cure53 DOMPurify which is open source software used by Visual Studio. The documented Visual Studio updates incorporate the updates in Cure53 DOMPurify which address the vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft Visual Studio 2019 version 16.0 | ||
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | ||
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | ||
| Microsoft Visual Studio 2019 version 16.8 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7 High
CVSS3
Связанные уязвимости
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs becaus ...
Уязвимость библиотеки DOMPurify, связанная с непринятием мер по защите структуры веб-старницы, позволяющая нарушителю осуществить межсайтовую сценарную атаку
EPSS
7 High
CVSS3