237 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the xmldom JavaScript library
Summary: Due to use of the xmldom JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential XML injection vulnerability. Vulnerability Details: CVEID: CVE-2026-34601. DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...
XML Injection
xmldom is vulnerable to an XML Injection. The vulnerability is due to improper handling of CDATA termination during serialization, which allows an attacker to inject malicious XML markup and manipulate the structure of the output...
Linux Distros Unpatched Vulnerability : CVE-2026-34601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom...
SUSE CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601
A flaw was found in xmldom. A remote attacker can exploit this by inserting specific character sequences, known as the CDATA (Character Data) terminator, into a CDATASection node. When the XML is serialized, these sequences are not properly handled, allowing them to be interpreted as active XML...
DEBIAN-CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
UBUNTU-CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601
CVE-2026-34601 affects the xmldom library (and @xmldom/xmldom) via a CDATA terminator handling flaw. Attacker-controlled strings containing the CDATA terminator ]]> could be inserted into a CDATASection and, during XMLSerializer output, emitted verbatim, turning text into active XML markup and...
CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
CVE-2026-34601
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13068 more potentially affected by CVE-2026-34601 via xmldom (>=0.1.11 <=0.6.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2026-34601 Source advisory: SNYK:JS-XMLDOM-15869637...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13068 more potentially affected by CVE-2026-34601 via xmldom (>=0.1.11 <=0.6.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2026-34601 Source advisory: OSV:GHSA-WH4C-J3R5-MJHP...
-temp-electron-manager-somiibo (=0.0.200), 1ib (>=1.0.9 <=1.0.11) +12042 more potentially affected by CVE-2026-34601 via @xmldom/xmldom (>=0.9.0 <=0.9.8)
@xmldom/xmldom NPM version =0.9.0, =1.0.9, =0.1.2, =1.2.7, =0.2.0, =1.0.8, =0.0.1, =0.0.2, =0.1.3, =0.15.0-beta, =1.0.5, =0.3.31, =0.3.33 and more Source cves: CVE-2026-34601 Source advisory: OSV:GHSA-WH4C-J3R5-MJHP...
-temp-electron-manager-somiibo (=0.0.200), 1ib (>=1.0.9 <=1.0.11) +12042 more potentially affected by CVE-2026-34601 via @xmldom/xmldom (>=0.9.0 <=0.9.8)
@xmldom/xmldom NPM version =0.9.0, =1.0.9, =0.1.2, =1.2.7, =0.2.0, =1.0.8, =0.0.1, =0.0.2, =0.1.3, =0.15.0-beta, =1.0.5, =0.3.31, =0.3.33 and more Source cves: CVE-2026-34601 Source advisory: SNYK:JS-XMLDOMXMLDOM-15869636...
2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +4128 more potentially affected by CVE-2026-34601 via @xmldom/xmldom (>=0.7.0 <=0.8.11)
@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =1.0.4, =1.0.0, =2.1.0-develop-2ff6c7-mckmjkzz, =2.1.0-renovate-fdebc6-mhg3djx8 - @abcd19/st-grid =3.1.0 - @abdullahceylan/expo-cli =0.2.6 and more Source cves: CVE-2026-34601 Source advisory: OSV:GHSA-WH4C-J3R5-MJHP...
XML Injection
Overview: org.webjars.npm:xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the XMLSerializer function. An attacker can manipulate the structure and integrity of generated...