547 matches found
DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...
Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager
Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-2581 DESCRIPTION: This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici...
ROOT-APP-NPM-CVE-2026-0540 CVE-2026-0540 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-0540 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-39Q2-94RC-95CP GHSA-39q2-94rc-95cp in @rootio/dompurify - Patched by Root
Root has patched GHSA-39q2-94rc-95cp in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41239 CVE-2026-41239 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-41239 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-CJ63-JHHR-WCXV GHSA-cj63-jhhr-wcxv in @rootio/dompurify - Patched by Root
Root has patched GHSA-cj63-jhhr-wcxv in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-15599 CVE-2025-15599 in @rootio/dompurify - Patched by Root
Root has patched CVE-2025-15599 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-26791 CVE-2025-26791 in @rootio/dompurify - Patched by Root
Root has patched CVE-2025-26791 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-CJMM-F4JC-QW8R GHSA-cjmm-f4jc-qw8r in @rootio/dompurify - Patched by Root
Root has patched GHSA-cjmm-f4jc-qw8r in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-H8R8-WCCR-V5F2 GHSA-h8r8-wccr-v5f2 in @rootio/dompurify - Patched by Root
Root has patched GHSA-h8r8-wccr-v5f2 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41240 CVE-2026-41240 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-41240 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
CVE-2026-12048
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...
CVE-2026-12048
CVE-2026-12048 affects pgAdmin 4 (versions 6.0 up to 9.16). Stored XSS occurs when untrusted server-returned text is passed through html-react-parser in multiple user-facing sinks (toasts, dialogs, explain visualiser, SQL editor prompts, etc.), allowing an attacker-controlled PostgreSQL server to...
CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...
GHSA-CMWH-PVXP-8882 DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
Summary DOMPurify 3.4.7 shipped a security fix "permanent hook pollution" that makes a registered uponSanitizeAttribute hook's mutation of data.allowedAttributes non-persistent — so allowing an attribute for one element does not leak into later sanitize calls. The fix clones ALLOWEDATTR inside...
PT-2026-50814
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...
Open WebUI: Stored XSS in Mermaid Markdown Preview
Summary Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel: 'loose', attacker-controlled Mermaid content can be rendered unsafely in this flow. A working paylo...
PT-2026-50483
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description The application renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel:...
DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output
Impact A DOMPurify instance that is reused across trust boundaries can stay bound to a previously supplied TRUSTEDTYPESPOLICY even after clearConfig is called. A later caller that requests RETURNTRUSTEDTYPE receives a TrustedHTML object created by the old policy, not by a clean default...