5 matches found
CVE-2026-41240
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...
GHSA-39Q2-94RC-95CP DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation
Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...
EUVD-2023-37522
Malicious code in bioql PyPI...
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery CSRF in the "add tags" function...
CVE-2023-33359
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery CSRF in the "add tags" function...