{"vulnerability": "CVE-2020-26870", "sightings": [{"uuid": "061482d3-fb82-48a6-b2b4-39fc55fffd64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26870", "type": "seen", "source": "https://t.me/ctinow/182501", "content": "https://ift.tt/7iGjCeY\nCVE-2020-26870 | Oracle Retail Customer Management and Segmentation Foundation Internal Operations cross site scripting", "creation_timestamp": "2024-02-10T09:41:20.000000Z"}, {"uuid": "e1a4d73c-e9f8-4049-9de9-8f0e3c5a6b94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26870", "type": "seen", "source": "https://t.me/cibsecurity/15118", "content": "\u203c CVE-2020-26870 \u203c\n\nCure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-07T20:29:20.000000Z"}, {"uuid": "c5b65610-c003-41ec-9a72-caa1e25f5e16", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26870", "type": "seen", "source": "https://t.me/cibsecurity/15311", "content": "\u203c CVE-2020-27176 \u203c\n\nMutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the \"source code mode\" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-16T12:42:03.000000Z"}]}