
10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-5081

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 6.4 · EPSS 0.00256
Exploits: 0 · References: 3

vulnersOsv
added 2025/02/25 5:49 p.m. · 6 views

@lume/element (>=0.1.2 <=0.5.6), @lume/variable (>=0.1.1 <=0.6.1) +3 more potentially affected by CVE-2025-27108 via dom-expressions (>=0.19.10 <=0.36.18)

dom-expressions NPM version =0.19.10, =0.1.2, =0.1.1, =0.20.0, =0.29.1 - @xsolid/dom =0.0.0-alpha.0 - webfps =1.4.0 Source cves: CVE-2025-27108 Source advisory: OSV:GHSA-HW62-58PR-7WC5...

CVSS 7.3 · AI score 5.8 · EPSS 0.00256
Exploits: 0

Github Security Blog
added 2025/02/25 5:49 p.m. · 26 views

DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace

!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...

CVSS 7.3 · AI score 6.3 · EPSS 0.00256
Exploits: 0 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/02/23 9:22 p.m. · 25 views

CVE-2025-27108

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...

CVSS 7.3 · AI score 6.2 · EPSS 0.00256
Exploits: 0 · References: 1

NVD
added 2025/02/21 10:15 p.m. · 18 views

CVE-2025-27108

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...

CVSS 7.3 · EPSS 0.00256
Exploits: 0 · References: 2

CVE
added 2025/02/21 9:9 p.m. · 75 views

CVE-2025-27108

CVE-2025-27108 affects dom-expressions. The vulnerability arises from using JavaScript String.replace with special replacement patterns (notably $' and $`) when injecting assets into HTML headers via solid-meta, where user-controlled attributes (Meta tags) can be manipulated to achieve XSS. Thi...

CVSS 7.3 · AI score 7 · EPSS 0.00256
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/02/21 9:9 p.m. · 17 views

CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...

CVSS 7.3 · AI score 7.1 · EPSS 0.00256
Exploits: 0 · References: 2

Cvelist
added 2025/02/21 9:9 p.m. · 18 views

CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...

CVSS 7.3 · EPSS 0.00256
Exploits: 0 · References: 2

OSV
added 2025/02/21 9:9 p.m. · 20 views

CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions

dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...

CVSS 7.3 · AI score 6.3 · EPSS 0.00256
Exploits: 0 · References: 4

Positive Technologies
added 2025/02/21 12:0 a.m. · 4 views

PT-2025-7633 · Unknown · Dom-Expressions

Name of the Vulnerable Software and Affected Versions: dom-expressions versions prior to 0.39.5 Description: The issue arises from the use of JavaScript's .replace function, which opens up to potential Cross-site Scripting XSS vulnerabilities with special replacement patterns beginning with $...

CVSS 7.3 · AI score 6.8 · EPSS 0.00256
Exploits: 0 · References: 12