79 matches found

IBM Security Bulletins
added 2025/08/26 1:23 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.4.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of dompurify-3.2.4.tgz Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: th...

CVSS 7.5, AI score 6.6, EPSS 0.00394
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2025/08/20 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-47875

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is...

CVSS 10, AI score 6.7, EPSS 0.01093
Exploits: 2, References: 3

IBM Security Bulletins
added 2025/08/01 10:47 a.m., 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...

CVSS 6.1, AI score 6.2, EPSS 0.00559
Exploits: 1, Affected Software: 1

NVD
added 2025/05/15 4:15 p.m., 14 views

CVE-2025-48050

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...

CVSS 7.5, EPSS 0.00394
Exploits: 0, References: 4

OSV
added 2025/05/15 4:15 p.m., 11 views

CVE-2025-48050

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 4

Vulnrichment
added 2025/05/15 12:00 a.m., 10 views

CVE-2025-48050

In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...

CVSS 7.5, AI score 7.4, EPSS 0.00394
Exploits: 0, References: 4

CVE
added 2025/05/15 12:00 a.m., 112 views

CVE-2025-48050

CVE-2025-48050 — DOMPurify path traversal risk In DOMPurify up to 3.2.5 (before 6bc6d60), scripts/server.js may fail to ensure that a pathname stays under the current working directory, enabling potential path traversal (CWE-24). The supplier notes this originates in a development helper script t...

CVSS 7.5, AI score 7.4, EPSS 0.00394
Exploits: 0, References: 4

IBM Security Bulletins
added 2025/05/06 10:17 a.m., 19 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...

CVSS 6.1, AI score 6.4, EPSS 0.00559
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/05/02 6:54 p.m., 15 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in DOMPurify

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of DOMPurify Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerabilit...

CVSS 10, AI score 5.5, EPSS 0.01093
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/05/02 7:45 a.m., 17 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in DOMPurify

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of DOMPurify Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in depth check. By adding or modifying...

CVSS 7.3, AI score 9.6, EPSS 0.00844
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/04/15 12:30 p.m., 14 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.

Summary IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect...

CVSS 6.1, AI score 5.8, EPSS 0.00559
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/04/07 3:22 p.m., 25 views

Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.

Summary IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...

CVSS 6.1, AI score 5.8, EPSS 0.00559
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/03/20 10:58 p.m., 13 views

Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)

Summary DOMPurify component is vulnerable to mutation cross-site scripting mXSS which has been addressed in IBM Aspera Desktop App version v1.0.8 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...

CVSS 6.1, AI score 5.8, EPSS 0.00559
Exploits: 1, Affected Software: 4

GitHub Security Blog
added 2025/02/14 9:31 a.m., 23 views

DOMPurify allows Cross-site Scripting (XSS)

DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFEFORTEMPLATES is set to true, sometimes leading to mutation cross-site scripting mXSS...

CVSS 6.1, AI score 5.5, EPSS 0.00559
Exploits: 1, References: 6, Affected Software: 1

NVD
added 2025/02/14 9:15 a.m., 19 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

CVSS 6.1, EPSS 0.00559
Exploits: 1, References: 4

Positive Technologies
added 2025/02/14 12:00 a.m., 6 views

PT-2025-7240

Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 3.2.4 Description: The issue is related to an incorrect template literal regular expression in DOMPurify, which can lead to mutation cross-site scripting mXSS. Recommendations: For versions prior to 3.2.4, update t...

CVSS 4.5, AI score 6.8, EPSS 0.00559
Exploits: 1, References: 22

Debian CVE
added 2025/02/14 12:00 a.m., 8 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

CVSS 6.1, AI score 5.9, EPSS 0.00559
Exploits: 1

Cvelist
added 2025/02/14 12:00 a.m., 8 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

CVSS 4.5, EPSS 0.00559
Exploits: 1, References: 4

Vulnrichment
added 2025/02/14 12:00 a.m., 14 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

CVSS 4.5, AI score 4.6, EPSS 0.00559
Exploits: 1, References: 4

CNNVD
added 2025/02/14 12:00 a.m., 3 views

DOMPurify Security Vulnerability

DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 3.2.4, which stems from the presence of incorrect template literal regular expressions that can lead to mutant...

CVSS 6.1, AI score 5.9, EPSS 0.00559
Exploits: 1, References: 5