149 matches found

Source: RedHat Linux | added 2 days ago | 6 views

DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

CVSS 6.1 | AI score 6 | EPSS 0.00013
Exploits: 1 | References: 7
Source: AstraLinux | added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in chromium

“Type Confusion” in MathML in Google Chrome prior to version 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 7.3 | EPSS 0.00815
Exploits: 1 | References: 1
Source: RedhatCVE | added 2026/04/28 11:57 a.m. | 2 views

CVE-2026-41240

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

CVSS 8.1 | AI score 5.4 | EPSS 0.00013
Exploits: 1 | References: 6
Source: OSV | added 2026/04/23 4:16 p.m. | 0 views

UBUNTU-CVE-2026-41239

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFE_FOR_TEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURN_DOM or RETURN_DOM_FRAGMENT, allowing XSS via...

CVSS 6.8 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 3
Source: UbuntuCve | added 2026/04/23 4:16 p.m. | 1 views

CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214. The same fix was not...

CVSS 6.1 | AI score 5.7 | EPSS 0.00013
Exploits: 1 | References: 2
Source: OSV | added 2026/04/23 4:16 p.m. | 0 views

UBUNTU-CVE-2026-41238

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration (no CUSTOM_ELEMENT_HANDLING option), a prior prototype...

CVSS 6.9 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 3
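The entry above describes a bypass in which an earlier prototype pollution changes how the sanitizer behaves when the caller never set a custom-element option. The block below is an added illustration of that mechanism, not DOMPurify's code: a hypothetical sanitizer with a made-up `customElementHandling.tagNameCheck` option and a toy tag filter over a constructed token list. The naive reader walks the prototype chain and so honours an attacker-planted key; the own-property reader ignores it.

```javascript
'use strict';

// Hypothetical config readers (added example, not DOMPurify's code).
function readOptionNaive(cfg, key) {
  // `cfg[key]` walks the prototype chain: a key planted on Object.prototype
  // by an earlier prototype-pollution bug is returned as if the caller set it.
  return cfg[key];
}

function readOptionSafe(cfg, key) {
  // Only own properties count; inherited (polluted) values are ignored.
  return Object.prototype.hasOwnProperty.call(cfg, key) ? cfg[key] : undefined;
}

// Decide whether a custom element (tag name containing '-') may stay,
// using the assumed `customElementHandling.tagNameCheck` option.
// With no option set, the default is to strip custom elements.
function customElementAllowed(tagName, cfg, readOption) {
  if (!tagName.includes('-')) return false;          // not a custom element
  const handling = readOption(cfg, 'customElementHandling');
  if (!handling) return false;                        // default: strip
  const check = readOption(handling, 'tagNameCheck');
  if (check instanceof RegExp) return check.test(tagName);
  if (typeof check === 'function') return Boolean(check(tagName));
  return false;
}

// Toy tag filter over a list of tag names (no real DOM parsing here).
function sanitizeTags(tags, cfg, readOption) {
  const builtin = new Set(['b', 'i', 'p', 'a', 'span']);
  return tags.filter(t => builtin.has(t) || customElementAllowed(t, cfg, readOption));
}

// Run both readers under a simulated prior pollution, then clean up.
function demonstrate() {
  const input = ['p', 'x-widget', 'span'];          // constructed sample input
  const results = {};
  try {
    // Simulated earlier prototype pollution (constructed for this example):
    // an attacker-controlled key that makes every custom element pass.
    Object.prototype.customElementHandling = { tagNameCheck: /.*/ };
    results.naive = sanitizeTags(input, {}, readOptionNaive);  // x-widget survives
    results.safe = sanitizeTags(input, {}, readOptionSafe);    // x-widget stripped
  } finally {
    delete Object.prototype.customElementHandling;
  }
  results.afterCleanup = sanitizeTags(input, {}, readOptionNaive);
  return results;
}

module.exports = { readOptionNaive, readOptionSafe, sanitizeTags, demonstrate };
```

Reading every option through an own-property check (or copying the caller's config onto a null-prototype object before use) is the general fix: nothing inherited from `Object.prototype` can then masquerade as configuration.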
Source: Github Security Blog | added 2026/04/22 9:25 p.m. | 2 views

justhtml has sanitization bypass in custom policies and programmatic DOM

Summary: justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml, MathML, SVG /, and MathML text integration poin...

AI score 5.8
Exploits: 0 | References: 2 | Affected software: 1
Source: RedhatCVE | added 2026/04/20 7:23 p.m. | 1 views

CVE-2026-40301

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows...

CVSS 4.7 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 1
Source: Github Security Blog | added 2026/04/08 12:06 a.m. | 6 views

justhtml: Mutation XSS with custom foreign-namespace sanitization policies

Summary: A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...

AI score 5.8
Exploits: 0 | References: 4 | Affected software: 1
Source: OSV | added 2025/12/02 1:20 a.m. | 8 views

GHSA-V4HV-RGFQ-GP49 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

CVSS 8.5 | AI score 7 | EPSS 0.00027
Exploits: 1 | References: 4
Source: CVE | added 2025/12/01 10:35 p.m. | 61 views

CVE-2025-66412

CVE-2025-66412 concerns Angular’s Template Compiler, where a stored XSS could occur due to an incomplete security schema that fails to classify certain URL-holding attributes (e.g., javascript: URLs) as requiring strict URL security. The vulnerability allows injection of malicious scripts and is ...

CVSS 8.5 | AI score 5.3 | EPSS 0.00027
Exploits: 1 | References: 4 | Affected software: 1
Source: Cvelist | added 2025/12/01 10:35 p.m. | 11 views

CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

CVSS 8.5 | EPSS 0.00027
Exploits: 1 | References: 2
Source: EUVD | added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-1486

Malware in sbrugna...

CVSS 6.1 | AI score 6.5 | EPSS 0.00417
Exploits: 1 | References: 11
Source: EUVD | added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-2214

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.00107
Exploits: 0 | References: 3
Source: EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-1584

Malware in sbrugna...

CVSS 9.1 | AI score 7.9 | EPSS 0.00986
Exploits: 1 | References: 22
Source: EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-4046

Malware in sbrugna...

CVSS 10 | AI score 9 | EPSS 0.03898
Exploits: 1 | References: 61
Source: EUVD | added 2025/10/03 8:07 p.m. | 1 views

EUVD-2025-16521

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.3 | EPSS 0.00369
Exploits: 0 | References: 3
Source: EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-3049

Malicious code in bioql PyPI...

CVSS 10 | AI score 8 | EPSS 0.00699
Exploits: 2 | References: 6
Source: EUVD | added 2025/10/03 8:07 p.m. | 1 views

EUVD-2024-3092

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.5 | EPSS 0.02592
Exploits: 2 | References: 4
Source: EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-52166

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00815
Exploits: 1 | References: 4