Description


Doran Moppert



2020-02-11 22:41:59 UTC

If a `<template>` tag was used in a `<select>` tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798



Source link

Write a comment:
*

Your email address will not be published.