79 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.4.tgz
Summary IBM Watson Discovery Cartridge contains a vulnerable version of dompurify-3.2.4.tgz Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: th...
Linux Distros Unpatched Vulnerability : CVE-2024-47875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-48050
CVE-2025-48050 — DOMPurify path traversal risk In DOMPurify up to 3.2.5 (before 6bc6d60), scripts/server.js may fail to ensure that a pathname stays under the current working directory, enabling potential path traversal (CWE-24). The supplier notes this originates in a development helper script t...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in DOMPurify
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of DOMPurify Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerabilit...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in DOMPurify
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of DOMPurify Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in depth check. By adding or modifying...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.
Summary IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect...
Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.
Summary IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...
Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)
Summary DOMPurify component is vulnerable to mutation cross-site scripting (mXSS) which has been addressed in IBM Aspera Desktop App version v1.0.8 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...
DOMPurify allows Cross-site Scripting (XSS)
DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS)...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
PT-2025-7240
Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 3.2.4 Description: The issue is related to an incorrect template literal regular expression in DOMPurify, which can lead to mutation cross-site scripting (mXSS). Recommendations: For versions prior to 3.2.4, update t...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
DOMPurify Security Vulnerability
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 3.2.4, which stems from the presence of incorrect template literal regular expressions that can lead to mutant...