Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2024/12/03 4:20 p.m.5 views

dompurify: XSS vulnerability via prototype pollution

A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks...

7.3CVSS6.5AI score0.00844EPSS
Exploits0References7
OSV
OSV
added 2024/09/16 7:16 p.m.2 views

UBUNTU-CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS6.5AI score0.00844EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/16 12:0 a.m.4 views

DOMPurify 安全漏洞

DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 2.5.4 and prior to 3.1.3, which stems from malicious HTML using a special nesting technique to bypass the depth...

7.3CVSS7.1AI score0.00844EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.6 views

PT-2024-7008

Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 2.5.4 DOMPurify versions prior to 3.1.3 Description The issue is related to the DOMPurify library, which is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG. It has been discovered that...

8.3CVSS7.4AI score0.00844EPSS
Exploits0References26
Rows per page
Query Builder