Lucene search
+L

23 matches found

OSV
OSV
added 2026/06/04 6:8 p.m.30 views

ROOT-APP-NPM-CVE-2026-41673 CVE-2026-41673 in @rootio/xmldom__xmldom - Patched by Root

Root has patched CVE-2026-41673 in the @rootio/xmldomxmldom package for Root:npm. Multiple fixed versions available...

8.7CVSS5.3AI score0.00643EPSS
Exploits0
OSV
OSV
added 2026/05/07 4:16 a.m.6 views

UBUNTU-CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

8.7CVSS5.8AI score0.00408EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 4:16 a.m.6 views

UBUNTU-CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7CVSS5.7AI score0.00643EPSS
Exploits0References13
OSV
OSV
added 2026/05/07 3:47 a.m.1 views

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS6AI score0.00457EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/05/07 3:40 a.m.5 views

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7CVSS5.7AI score0.00643EPSS
Exploits0References12
EUVD
EUVD
added 2026/05/07 3:40 a.m.13 views

EUVD-2026-28288

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7CVSS5.7AI score0.00643EPSS
Exploits0References12
OSV
OSV
added 2026/05/07 3:40 a.m.1 views

CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7CVSS5.9AI score0.00643EPSS
Exploits0References18
CVE
CVE
added 2026/05/07 3:40 a.m.165 views

CVE-2026-41673

CVE-2026-41673 affects xmldom (npm package @xmldom/xmldom/xmldom). The vulnerability arises from seven recursive traversals in lib/dom.js (including normalize, serializeToString, getElementsByTagName(s), getElementsByClassName, getElementById, cloneNode, importNode, textContent, isEqualNode) that...

8.7CVSS5.7AI score0.00643EPSS
Exploits0References16
Debian CVE
Debian CVE
added 2026/05/07 3:36 a.m.11 views

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

8.7CVSS5.8AI score0.00365EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.9 views

CVE-2026-41672

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

8.7CVSS5.8AI score0.00365EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 an...

8.7CVSS5.6AI score0.00408EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/22 8:23 p.m.44 views

xmldom: Uncontrolled recursion in XML serialization leads to DoS

Summary Seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DOM tree causes a RangeError: Maximum call stack size exceeded, crashing the application. Reported operations: - Node.prototype.normalize — reported by @praveen-kv email 2026-04-05 and...

8.7CVSS6.1AI score0.00643EPSS
Exploits0References14Affected Software2
Snyk
Snyk
added 2026/04/22 8:19 p.m.9 views

XML Injection

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to XML Injection in...

8.7CVSS5.8AI score0.00457EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 9:0 p.m.9 views

XML Injection

Overview org.webjars.npm:xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection due to unvalidated comment serialization. When an application uses the package to create an XML...

8.7CVSS5.4AI score0.00365EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/17 1:36 p.m.8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the xmldom JavaScript library

Summary Due to use of the xmldom JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential XML injection vulnerability. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

7.5CVSS5.6AI score0.00472EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/02 6:16 p.m.3 views

DEBIAN-CVE-2026-34601

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

7.5CVSS5.2AI score0.00472EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:47 p.m.3 views

CVE-2026-34601

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

7.5CVSS5.7AI score0.00472EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/02 5:47 p.m.28 views

CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

7.5CVSS0.00472EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-39353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it...

9.8CVSS7AI score0.03025EPSS
Exploits2References2
OSV
OSV
added 2022/10/11 8:42 p.m.1 views

GHSA-9PGH-QQPF-7WQJ Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

Withdrawn This advisory has been withdrawn because the maintainers of @xmldom/xmldom and multiple third parties disputed the validity of the issue. Attempts to create or replicate a proof of concept have been unsuccessful. Original Description Impact A prototype pollution vulnerability exists in...

9.8CVSS7AI score0.01535EPSS
Exploits0References14
Rows per page
Query Builder