135 matches found

CVE
added 2021/07/27 9:45 p.m., 129 views

CVE-2021-32796

CVE-2021-32796 affects the xmldom library where versions

CVSS: 6.5, AI score: 5.4, EPSS: 0.01347
Exploits: 0, References: 3, Affected Software: 1
Zero Day Initiative
added 2021/07/22 12:00 a.m., 43 views

Oracle Business Intelligence DOMParser XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DOMParser endpoint, which listens on TCP port 9502 by default...

CVSS: 7.5, AI score: 2.6, EPSS: 0.8482
Exploits: 0, References: 1
Node.js
added 2021/05/06 3:47 p.m., 45 views

Cross-Site Scripting

Overview Impact In highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. Especially when using the useHTML flag, HTML string options...

CVSS: 3.5, AI score: 6.3, EPSS: 0.00867
Exploits: 0, Affected Software: 1
Github Security Blog
added 2021/05/06 3:45 p.m., 42 views

Options structure open to Cross-site Scripting if passed unfiltered

Impact In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. Especially when using the useHTML flag, HTML string options would be...

CVSS: 7.6, AI score: 5.5, EPSS: 0.00867
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2021/05/06 3:45 p.m., 20 views

GHSA-8J65-4PCQ-XQ95 Options structure open to Cross-site Scripting if passed unfiltered

Impact In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. Especially when using the useHTML flag, HTML string options would be...

CVSS: 7.6, AI score: 6.2, EPSS: 0.00867
Exploits: 0, References: 5
Tenable Nessus
added 2021/03/23 12:00 a.m., 61 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-4756-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4756-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01543
Exploits: 1, References: 11
Prion
added 2021/03/12 5:15 p.m., 24 views

Input validation

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

CVSS: 4.3, AI score: 5.2, EPSS: 0.01432
Exploits: 0, References: 5, Affected Software: 2
CVE
added 2021/03/12 12:00 a.m., 110 views

CVE-2021-21366

CVE-2021-21366 - xmldom : The vulnerability arises from xmldom’s handling of XML when repeatedly parsing and serializing malicious documents, due to improper preservation of system identifiers, FPIs, and namespaces. This can cause unexpected syntactic changes in downstream applications. The issue...

CVSS: 4.3, AI score: 4.6, EPSS: 0.01432
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2021/03/12 12:00 a.m., 22 views

CVE-2021-21366 Misinterpretation of malicious XML input

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

CVSS: 4.3, AI score: 6.6, EPSS: 0.01432
Exploits: 0, References: 5
NVD
added 2021/02/26 2:15 a.m., 19 views

CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS: 6.1, EPSS: 0.00753
Exploits: 0, References: 3
UbuntuCve
added 2021/02/26 2:15 a.m., 29 views

CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00753
Exploits: 0, References: 5
OSV
added 2021/02/26 2:15 a.m., 4 views

UBUNTU-CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00753
Exploits: 0, References: 6
CVE
added 2021/02/26 1:51 a.m., 163 views

CVE-2021-23974

CVE-2021-23974 affects Mozilla Firefox earlier than version 86. The root cause is improper handling of elements by the DOMParser API, enabling an mXSS vector that could bypass HTML sanitizers. Affected/related advisories (e.g., MFSA2021-07) confirm the DOMParser issue among Firefox vulnerabilitie...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00753
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2021/02/26 1:51 a.m., 23 views

CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS: 6.1, AI score: 8.1, EPSS: 0.00753
Exploits: 0
Cvelist
added 2021/02/26 1:51 a.m., 21 views

CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

AI score: 6.7, EPSS: 0.00753
Exploits: 0, References: 3
AlpineLinux
added 2021/02/26 1:51 a.m., 35 views

CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00753
Exploits: 0
Veracode
added 2021/02/25 12:07 a.m., 28 views

Cross-site Scripting (XSS)

Firefox is vulnerable to cross-site scripting. The DOMParser API did not properly process elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer...

CVSS: 6.1, AI score: 1.2, EPSS: 0.00753
Exploits: 0, References: 4, Affected Software: 7
Tenable Nessus
added 2021/02/23 12:00 a.m., 64 views

Mozilla Firefox < 86.0

The version of Firefox installed on the remote Windows host is prior to 86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-07 advisory. - Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bugs present ...

CVSS: 8.8, AI score: 7.9, EPSS: 0.01543
Exploits: 1, References: 13
Tenable Nessus
added 2021/02/23 12:00 a.m., 78 views

Mozilla Firefox < 86.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-07 advisory. - Mozilla developers Tyson Smith, Lars T Hansen, Valentin Gosu, and Sebastian Hengst reported memory safety bug...

CVSS: 8.8, AI score: 7.9, EPSS: 0.01543
Exploits: 1, References: 13
Veracode
added 2019/09/20 2:53 a.m., 18 views

XML External Entities (XXE)

saml-client is vulnerable to XML external entities (XXE). The vulnerability exists as DISALLOWDOCTYPEDECLFEATURE was not enabled when creating the DOMParser object...

AI score: 4
Exploits: 0