243 matches found
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...
Linux Distros Unpatched Vulnerability : CVE-2026-54267
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
DEBIAN-CVE-2026-54267
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...
CVE-2026-54267
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...
CVE-2026-54267 Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...
CVE-2026-54267
Summary: Angular’s SSR hydration uses a state element with a predictable id (ng-state). In versions prior to 22.0.1, 21.2.17, and 20.3.25, an attacker could DOM-clobber by injecting an element with that id before the legitimate [removed] tag is parsed, causing Angular to parse forged JSON from Tr...
EUVD-2026-38271
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...
CVE-2026-42573
A flaw was found in Svelte, a web framework. An attacker could exploit a DOM clobbering vulnerability, which allows manipulation of the Document Object Model DOM to overwrite internal framework state on elements. This could potentially lead to Cross-Site Scripting XSS attacks, enabling the attack...
Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...
GHSA-RGJC-H3X7-9MWG Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...
CVE-2026-42573
Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...
CVE-2026-42573 Svelte: XSS via DOM Clobbering of Internal Framework State
Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...
EUVD-2026-35701
Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...
CVE-2026-42573
CVE-2026-42573 (Svelte) describes a DOM clobbering vulnerability in Svelte prior to version 5.55.7, where internal framework state can be overwritten on elements, potentially enabling Cross-Site Scripting (XSS). The issue has been fixed in 5.55.7. Affected scope : Svelte versions before 5.55.7 (a...
Astra Linux – Vulnerability in Firefox
Firefox adds web-compatibility shims as a replacement for some tracking scripts that are blocked by Enhanced Tracking Protection. On a site protected by the Content Security Policy in “strict-dynamic” mode, an attacker who can inject an HTML element could use a DOM Clobbering attack on some of th...
CVE-2026-8492 Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035
Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...
CVE-2026-8492
The CVE-2026-8492 issue concerns the GTranslate/Translate Drupal module for Drupal, where a MAID vulnerability allows Resource Location Spoofing. The root cause is inadequate validation in the module’s language-switcher widget JavaScript, specifically around document.currentScript, which can caus...
GHSA-RCQX-6Q8C-2C42 Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...
Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...