Debian: Security Advisory (DSA-5790-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5790-1] node-dompurify security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5790-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 13, 2024 https://www.debian.org/security/faq -...

DSA-5790-1 node-dompurify - security update

Bulletin has no description...

Debian dsa-5790 : node-dompurify - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5790 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5790-1 [email protected] https://www.debian.org/security/ Moritz...

SUSE CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. Mitigation Mitigation for this issue is either not available or the currently available options do not meet th...

@0xgg/echomd (>=1.0.0 <=1.0.4), @5lions/library-registry-admin (=0.0.0) +1325 more potentially affected by CVE-2024-47875 via dompurify (>=0.6.6 <=2.4.9)

dompurify NPM version =0.6.6, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =3.0.0, =2.2.0, =6.4.3, =0.0.2, =1.0.1, =0.6.0, =0.3.0, =0.1.0, =0.1.0-a0, =1.1.0 and more Source cves: CVE-2024-47875 Source advisory: OSV:GHSA-GX9M-WHJM-85JF...

DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...

@3t-transform/threeteeui (>=1.5.1 <=1.9.108), @accelbyte/sdk-legal (>=0.0.0-dev-20240828032938 <=6.0.2) +288 more potentially affected by CVE-2024-47875 via dompurify (>=3.0.0 <=3.1.2)

dompurify NPM version =3.0.0, =1.5.1, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =6.4.10, =5.1.1, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.1, =0.0.0-nightly-2022042277, =0.9.4-next.2 and more Source cves: CVE-2024-47875 Source advisory: OSV:GHSA-GX9M-WHJM-85JF...

GHSA-GX9M-WHJM-85JF DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by 0ef5e537 2.x and merge 943 Backporter should be aware of GHSA-mmhx-hmjr-r674 CVE-2024-45801 when cherry-picking POC is avaible under test...

DEBIAN-CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

UBUNTU-CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875

CVE-2024-47875 affects DOMPurify and is a nesting-based mXSS vulnerability in DOMPurify’s HTML/MathML/SVG sanitization. The initial entry notes fixes in DOMPurify versions 2.5.0 and 3.1.3. Connected sources further confirm the issue is tracked across ecosystems (e.g., node-dompurify), with Debian...

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

DOMPurify 跨站脚本漏洞

DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A cross-site scripting vulnerability exists in DOMPurify versions prior to 2.5.0 and prior to 3.1.3, which stems from vulnerability to cross-site scripting attacks...

PT-2024-6805

Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 2.5.0 DOMPurify versions prior to 3.1.3 Description The issue is related to insufficient input validation in the DOMPurify JavaScript library, which can lead to a cross-site scripting XSS attack. This vulnerability...