503 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.4.tgz
Summary IBM Watson Discovery Cartridge contains a vulnerable version of dompurify-3.2.4.tgz Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: th...
Linux Distros Unpatched Vulnerability : CVE-2024-47875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is...
Linux Distros Unpatched Vulnerability : CVE-2025-48050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier...
Linux Distros Unpatched Vulnerability : CVE-2024-48910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability i...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006 (July 2025)
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...
Security Bulletin: Cross Site Scripting vulnerabiliies may affect IBM Business Automation Workflow - CVE-2024-47875, CVE-2024-48910
Summary IBM Business Automation Workflow packages a vulnerable copy of DOMPurify. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability i...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...
Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Grafana (CVE-2024-45801)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-45801 Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML,...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in dompurify-2.5.8.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of dompurify-2.5.8.tgz Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS. CWE:CWE-79:...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before...
CVE-2024-53847
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
CVE-2019-16728
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS mXSS for an SVG element or a MATH element, as demonstrated by Chrome and Safari...
CVE-2019-25155
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
DEBIAN-CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
UBUNTU-CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...
CVE-2025-48050
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script...