237 matches found
CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
UBUNTU-CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
Input validation
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
CVE-2021-32796 Misinterpretation of malicious XML input in xmldom
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
CVE-2021-32796
CVE-2021-32796 affects the xmldom library where versions
CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
xmldom 安全漏洞
Chris Brody xmldom is an open source application by Chris Brody, a JavaScript implementation of the W3C DOM for Node.js, Rhino, and browsers. xmldom has a security vulnerability in 0.6.0 and earlier versions that stems from an inability to properly escape special characters. A security...
Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper...
Misinterpretation of malicious XML input
Overview Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Workarounds...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +11270 more potentially affected by CVE-2021-21366 via xmldom (>=0.1.11 <=0.4.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.23, =1.0.0, =0.0.3, =0.1.0, =6.0.0-rc.0 and more Source cves: CVE-2021-21366 Source advisory: OSV:GHSA-H6Q6-9HQW-RWFV...
Misinterpretation of malicious XML input
Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.5...
DEBIAN-CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
Input validation
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
UBUNTU-CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
XMLDOM 安全漏洞
XMLDOM is a JavaScript implementation of the W3C DOM for Node by the individual developers at jindw. A security vulnerability exists in XMLDOM 0.4.0 and earlier versions that stems from not properly preserving system identifiers, fis, or namespaces...
CVE-2021-21366
CVE-2021-21366 - xmldom : The vulnerability arises from xmldom’s handling of XML when repeatedly parsing and serializing malicious documents, due to improper preservation of system identifiers, FPIs, and namespaces. This can cause unexpected syntactic changes in downstream applications. The issue...
PT-2021-14448 · Xmldom +2 · Xmldom +2
Name of the Vulnerable Software and Affected Versions: xmldom versions 0.4.0 and older Description: The issue arises when xmldom versions 0.4.0 and older fail to correctly preserve system identifiers, FPIs, or namespaces when repeatedly parsing and serializing maliciously crafted documents. This...