{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1357?format=json","vulnerability_id":"VCID-urqr-81pw-a7bb","summary":"The DOMParser API did not properly process <noscript> elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer.","aliases":[{"alias":"CVE-2021-23974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2481?format=json","purl":"pkg:alpm/archlinux/firefox@86.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@86.0-1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2480?format=json","purl":"pkg:alpm/archlinux/firefox@85.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-72xt-c9m7-kqfj"},{"vulnerability":"VCID-75mg-zh1v-w3dv"},{"vulnerability":"VCID-8kxd-bque-r3ed"},{"vulnerability":"VCID-d36z-y6r2-r7a1"},{"vulnerability":"VCID-nq1q-218q-rbe4"},{"vulnerability":"VCID-pwa5-ga6g-hbhu"},{"vulnerability":"VCID-tv65-w1kw-e3dx"},{"vulnerability":"VCID-ukzw-rs52-8fac"},{"vulnerability":"VCID-urqr-81pw-a7bb"},{"vulnerability":"VCID-xb5v-quee-abce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@85.0.2-1"}],"references":[{"reference_url":"https://security.archlinux.org/AVG-1599","reference_id":"AVG-1599","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1599"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07","reference_id":"mfsa2021-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-07"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urqr-81pw-a7bb"}