CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

CVE-2026-54265 Angular: Two-Way Property Binding Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

CVE-2026-54265

The CVE-2026-54265 issue affects the Angular @angular/compiler, where two-way binding on sensitive native DOM properties (e.g., innerHTML, src, href, data, sandbox) can bypass the sanitizer resolution. Prior to versions 22.0.1, 21.2.17, and 20.3.25, the template compiler failed to apply the appro...

@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

PT-2026-49581

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description An issue in the @angular/compiler package allows bypassing DOM property sanitization when using two-way property bindings. When a...

EUVD-2012-4152

Malware in sbrugna...

EUVD-2000-0265

Malware in sbrugna...

HTML attributes vs DOM properties

Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: … const div = document.querySelector'divfoo=bar'; console.logdiv.getAttribute'foo'; // 'bar' console.logdiv.foo; // undefined div.foo = 'hell...

Mozilla Thunderbird < 17.0 Multiple Vulnerabilities

Binary data 6627.prm...

Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 16.x is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. CVE-2012-5842, CVE-2012-5843 - An error exists in the...

seamonkey security update

CentOS Errata and Security Advisory CESA-2010:0810 Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS...

Design/Logic Flaw

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the 1 .documentURI or 2 .textContent DOM properties...

CVE-2000-0266

The CVE-2000-0266 entry describes a vulnerability in Internet Explorer 5.01 where a malicious applet can bypass the cross-frame security policy by interacting with the Java JSObject to modify DOM properties, allowing an IFRAME to load an arbitrary JavaScript URL. This reveals a client-side cross-...

CVE-2000-0266

Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL...