Lucene search
+L

9 matches found

snyk
snyk
added 2026/04/03 3:46 a.m.6 views

Permissive List of Allowed Inputs

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the ADDATTR predicate function via EXTRAELEMENTHANDLING.attributeCheck. An attacker can inject and execute malicious...

6.1CVSS6AI score
Exploits0References2
osv
osv
added 2026/04/03 3:46 a.m.15 views

GHSA-CJMM-F4JC-QW8R DOMPurify ADD_ATTR predicate skips URI validation

Summary DOMPurify allows ADDATTR to be provided as a predicate function via EXTRAELEMENTHANDLING.attributeCheck. When the predicate returns true, isValidAttribute short-circuits the attribute check before URI-safe validation runs. An attacker who supplies a predicate that accepts specific...

5.3CVSS6AI score
Exploits0References3
osv
osv
added 2025/09/04 6:15 p.m.4 views

CVE-2025-26441

In addattr of sdpdiscovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References2
cvelist
cvelist
added 2025/09/04 5:14 p.m.8 views

CVE-2025-26441

In addattr of sdpdiscovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00262EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/09/04 12:0 a.m.7 views

PT-2025-36016

Name of the Vulnerable Software and Affected Versions: sdp discovery.cc affected versions not specified Description: An out-of-bounds read issue exists in the add attr function of sdp discovery.cc due to a missing bounds check. This could lead to remote information disclosure and does not require...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
osv
osv
added 2023/03/24 8:15 p.m.2 views

CVE-2023-20954

In SDPAddAttribute of sdpdb.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...

9.8CVSS7.8AI score0.00489EPSS
Exploits0References1
redhat
redhat
added 2019/10/22 1:50 p.m.4 views

dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or...

7.5CVSS7.2AI score0.0657EPSS
Exploits1References4
redhat
redhat
added 2019/05/13 5:24 p.m.3 views

dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or...

7.5CVSS7.2AI score0.0657EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2018/07/01 12:0 a.m.6 views

PT-2018-9485

Name of the Vulnerable Software and Affected Versions dom4j versions prior to 2.1.1 Description The issue is related to an XML Injection vulnerability in the Class: Element, specifically in the addElement and addAttribute methods. This can result in an attacker tampering with XML documents throug...

7.8CVSS6.7AI score0.0657EPSS
Exploits1References77
Rows per page
Query Builder