503 matches found

RedHat Linux
added 2026/02/17 12:55 a.m. | 5 views

dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling

A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based cross-site scripting (mXSS) via an incorrect template literal regular expression...

CVSS 6.1 | AI score 5.8 | EPSS 0.00108
Exploits 1 | References 8
IBM Security Bulletins
added 2026/02/11 4:23 p.m. | 8 views

Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities

Summary: IBM Security QRadar EDR Software is affected by multiple vulnerabilities that could allow an attacker to perform cross-site scripting (XSS) attacks or exploit weak cryptographic algorithms to decrypt sensitive information. These vulnerabilities have been addressed in version 3.12.24...

CVSS 8.8 | AI score 4.7 | EPSS 0.00096
Exploits 0 | Affected Software 1
Tenable Nessus
added 2026/02/11 12:00 a.m. | 2 views

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.16 / 10.4.x < 11.3.0 XSS (JSDSERVER-16501)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16501 advisory. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has be...

CVSS 7.3 | AI score 6.6 | EPSS 0.00096
Exploits 0 | References 2
OSV
added 2026/01/28 4:16 p.m. | 1 view

CVE-2025-69517

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...

CVSS 8.8 | AI score 5.9 | EPSS 0.00028
Exploits 0 | References 3
Tenable Nessus
added 2026/01/22 12:00 a.m. | 6 views

Oracle Primavera P6 Enterprise Project Portfolio Management (January 2026 CPU)

The versions of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and...

CVSS 8.8 | AI score 5.7 | EPSS 0.0031
Exploits 2 | References 5
Tenable Nessus
added 2026/01/20 12:00 a.m. | 2 views

MiracleLinux 9 : grafana-10.2.6-7.el9 (AXSA:2024-9335:21)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9335:21 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...

CVSS 10 | AI score 8.3 | EPSS 0.00699
Exploits 2 | References 3
Tenable Nessus
added 2026/01/20 12:00 a.m. | 2 views

MiracleLinux 9 : grafana-9.2.10-19.el9_4 (AXSA:2024-8957:17)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8957:17 advisory. golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355); dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875). Tenable has extracted the...

CVSS 10 | AI score 8.6 | EPSS 0.00699
Exploits 2 | References 3
Tenable Nessus
added 2026/01/20 12:00 a.m. | 3 views

MiracleLinux 8 : grafana-9.2.10-20.el8_10 (AXSA:2024-8935:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8935:16 advisory. golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355); dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875). Tenable has extracted the...

CVSS 10 | AI score 8.7 | EPSS 0.00699
Exploits 2 | References 3
Atlassian
added 2026/01/19 12:42 a.m. | 17 views

XSS (Cross Site Scripting) dompurify Dependency in Jira Service Management Data Center and Server

This High severity XSS (Cross Site Scripting) vulnerability was introduced in versions 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, and 11.1.0 of Jira Service Management Data Center and Server. This XSS (Cross Site Scripting) vulnerability, with a CV...

CVSS 7.3 | AI score 6.6 | EPSS 0.00096
Exploits 0
OSV
added 2026/01/14 4:53 p.m. | 1 view

GHSA-W8X4-X68C-M6FC html2pdf.js contains a cross-site scripting vulnerability

Impact: html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing malicious scripts to be run on the client browser and risking the confidentiality, integrity, an...

CVSS 8.7 | AI score 5.7 | EPSS 0.00058
Exploits 1 | References 8
Github Security Blog
added 2026/01/14 4:53 p.m. | 9 views

html2pdf.js contains a cross-site scripting vulnerability

Impact: html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing malicious scripts to be run on the client browser and risking the confidentiality, integrity, an...

CVSS 8.7 | AI score 5.7 | EPSS 0.00058
Exploits 1 | References 8 | Affected Software 1
Atlassian
added 2026/01/09 4:27 p.m. | 14 views

XSS (Cross Site Scripting) dompurify Dependency in Jira Software Data Center and Server

This High severity XSS (Cross Site Scripting) vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, and 11.1.0 of Jira Software Data Center and Server. This XSS (Cross Site Scripting) vulnerability, with a CVSS Score o...

CVSS 7.3 | AI score 6.6 | EPSS 0.00096
Exploits 0
RedhatCVE
added 2026/01/09 9:31 a.m. | 5 views

CVE-2023-25572

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

CVSS 5.4 | AI score 5.4 | EPSS 0.00799
Exploits 1 | References 1
Snyk
added 2025/12/31 10:07 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 2
IBM Security Bulletins
added 2025/11/28 11:57 a.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify

Summary: dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui. Vulnerability Details: CVEID: CVE-2025-26791. DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 6.1 | AI score 6.2 | EPSS 0.00108
Exploits 1 | Affected Software 1
Tenable Nessus
added 2025/11/20 12:00 a.m. | 5 views

TencentOS Server 3: grafana (TSSA-2024:0734)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0734 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 10 | AI score 7.6 | EPSS 0.00699
Exploits 2 | References 3
RedHat Linux
added 2025/11/05 11:57 a.m. | 3 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.43 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 9.8 | AI score 7.1 | EPSS 0.02592
Exploits 2 | References 2
IBM Security Bulletins
added 2025/11/03 10:14 p.m. | 12 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.

Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF005 and 25.0.0-IF002. These vulnerabilities have been also addressed in 24.0.1-IF005. Vulnerability Details: CVEID: CVE-2025-36091. DESCRIPTION: IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and...

CVSS 9.1 | AI score 8.1 | EPSS 0.18518
Exploits 7 | Affected Software 1
RedHat Linux
added 2025/10/30 2:38 a.m. | 4 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.58 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 9.8 | AI score 6.7 | EPSS 0.02592
Exploits 2 | References 3
RedHat Linux
added 2025/10/29 9:00 a.m. | 2 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.51 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

CVSS 9.8 | AI score 7.1 | EPSS 0.02592
Exploits 2 | References 2