CVE-2024-41808 OpenObserve stored XSS vulnerability may lead to complete account takeover
The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...
PT-2024-7008
Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 2.5.4 DOMPurify versions prior to 3.1.3 Description The issue is related to the DOMPurify library, which is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG. It has been discovered that...
GHSA-8HGG-XXM5-3873 DOMPurify Open Redirect vulnerability
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...
@5lions/library-registry-admin (=0.0.0), @ampproject/worker-dom (>=0.2.18 <=0.9.0) +51 more potentially affected by CVE-2019-25155 via dompurify (>=0.6.6 <=1.0.10)
dompurify NPM versions 0.6.6, 0.2.18, 0.0.11, 0.8.8, 0.0.1, 0.7.2, 1.0.2, 0.9.7, 1.0.0, 1.1.0 and more. Source CVEs: CVE-2019-25155. Source advisory: OSV:GHSA-8HGG-XXM5-3873...
Reverse Tabnabbing
DOMPurify is vulnerable to reverse tabnabbing. The vulnerability is due to a missing rel="noopener noreferrer" attribute on links that use the target="_blank" attribute. Without rel="noopener", the page opened in the new tab keeps a window.opener reference to the originating tab and can navigate it to an attacker-controlled page, which can potentially lead to phishing attacks...
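The fix the advisories above describe is to force rel="noopener noreferrer" onto every link that opens a new browsing context. The following is an added example, not DOMPurify's own code or the code from the affected demo file: a hook function written in the shape DOMPurify's real `afterSanitizeAttributes` hook expects (registered with the real `DOMPurify.addHook` API when the library is present), plus a minimal `FakeElement` stand-in so it runs in Node without a browser or jsdom. The function name, `FakeElement`, and the sample links are assumptions made here for illustration.

```javascript
// Added example (not DOMPurify's own code): a DOMPurify-style
// afterSanitizeAttributes hook that forces rel="noopener noreferrer" onto
// any <a> or <area> that opens a new browsing context, so the opened page
// cannot reach back through window.opener (reverse tabnabbing).

const REQUIRED_REL = ['noopener', 'noreferrer'];

// Works on any object exposing the small subset of the Element API that
// DOMPurify hooks see: tagName, hasAttribute, getAttribute, setAttribute.
// Returns true when the node was modified, false when it was left alone.
function hardenNewWindowLinks(node) {
  const tag = (node.tagName || '').toLowerCase();
  if (tag !== 'a' && tag !== 'area') return false;
  if (!node.hasAttribute('target')) return false;

  const target = (node.getAttribute('target') || '').trim().toLowerCase();
  // _self/_parent/_top stay within the current tab hierarchy; _blank and any
  // named window can create a new window that holds an opener reference.
  if (target === '' || target === '_self' || target === '_parent' || target === '_top') {
    return false;
  }

  // Preserve rel tokens that are already there (e.g. nofollow) and append
  // the missing security tokens, normalised to lower case.
  const merged = (node.getAttribute('rel') || '')
    .split(/\s+/)
    .filter(Boolean)
    .map((t) => t.toLowerCase());
  for (const token of REQUIRED_REL) {
    if (!merged.includes(token)) merged.push(token);
  }
  node.setAttribute('rel', merged.join(' '));
  return true;
}

// Minimal stand-in for a DOM element so the hook can run in Node. This class
// is an assumption for the offline demo; in a browser the real elements are used.
class FakeElement {
  constructor(tagName, attrs = {}) {
    this.tagName = tagName.toUpperCase();
    this.attrs = new Map(Object.entries(attrs));
  }
  hasAttribute(name) { return this.attrs.has(name); }
  getAttribute(name) { return this.attrs.has(name) ? this.attrs.get(name) : null; }
  setAttribute(name, value) { this.attrs.set(name, String(value)); }
}

// Registration with the real library API, when DOMPurify is loaded on the page.
// The hook then runs once per element after DOMPurify has sanitised its attributes.
if (typeof DOMPurify !== 'undefined') {
  DOMPurify.addHook('afterSanitizeAttributes', hardenNewWindowLinks);
}

// Constructed sample links (not taken from any real page) for a stand-alone run.
function demo() {
  const unsafe = new FakeElement('a', { href: 'https://example.test/', target: '_blank' });
  const nofollow = new FakeElement('a', { href: 'https://example.test/', target: '_blank', rel: 'nofollow' });
  const sameTab = new FakeElement('a', { href: '/local' });
  hardenNewWindowLinks(unsafe);
  hardenNewWindowLinks(nofollow);
  hardenNewWindowLinks(sameTab);
  return {
    unsafe: unsafe.getAttribute('rel'),      // 'noopener noreferrer'
    nofollow: nofollow.getAttribute('rel'),  // 'nofollow noopener noreferrer'
    sameTab: sameTab.getAttribute('rel'),    // null, untouched
  };
}
```

Two practical notes: current browsers already imply noopener for target="_blank" links, so the explicit attribute mainly protects older browsers and adds noreferrer; and a named target (target="popup") is treated the same as _blank here because it can also create a window with an opener.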
CVE-2019-25155
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...
UBUNTU-CVE-2019-25155
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute...
DOMPurify Security Vulnerability
DOMPurify is a DOM-only XSS sanitizer written in JavaScript for HTML, MathML and SVG. A security vulnerability exists in versions of DOMPurify prior to 1.0.11, which stems from a missing rel attribute on links that open in a new tab...
PT-2023-11380 · Dompurify · Dompurify
Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 1.0.11 Description: The issue allows reverse tabnabbing due to links lacking a 'rel="noopener noreferrer"' attribute in demos/hooks-target-blank-demo.html. Recommendations: For versions prior to 1.0.11, update to...
CVE-2019-25155
DOMPurify before 1.0.11 is affected by a reverse tabnabbing issue in demos/hooks-target-blank-demo.html due to missing rel="noopener noreferrer" on links. This is the concrete vulnerability described across CVE-2019-25155 entries: the root cause is the absence of a security attribute on target-bl...
GHSA-5JCR-82FH-339V Cross-Site-Scripting attack on `<RichTextField>`
Impact All React applications built with react-admin and using the `<RichTextField>` component are affected. `<RichTextField>` outputs the field value using dangerouslySetInnerHTML without client-side sanitization. If the data isn't sanitized server-side, this opens a possible Cross-Site-Scripting (XSS) attack. Proof of concept: jsx import...
CVE-2023-25572
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...