544 matches found

vulnersOsv
added 2026/03/03 9:44 p.m., 6 views

1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2096 more potentially affected by CVE-2026-0540 via dompurify (>=3.0.0 <=3.3.1)

dompurify NPM version =3.0.0, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.5.1 and more Source cves: CVE-2026-0540 Source advisory: SNYK:JS-DOMPURIFY-15371376...

CVSS: 6.1, AI score: 7.4, EPSS: 0.0034
Exploits: 0

vulnersOsv
added 2026/03/03 9:44 p.m., 6 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @7nohe/vite-plugin-vue-marked (=0.2.1) +1092 more potentially affected by CVE-2026-0540 via dompurify (>=2.0.0 <=2.5.8)

dompurify NPM version =2.0.0, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =6.2.3, =6.4.3, =0.0.2, =0.3.0, =0.1.0, =0.1.0-a0, =1.0.0, =0.4.0, =0.0.18, =0.0.29 and more Source cves: CVE-2026-0540 Source advisory: SNYK:JS-DOMPURIFY-15371376...

CVSS: 6.1, AI score: 7.4, EPSS: 0.0034
Exploits: 0

vulnersOsv
added 2026/03/03 9:44 p.m., 9 views

net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by CVE-2026-0540 via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)

org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: CVE-2026-0540 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15371377...

CVSS: 6.1, AI score: 7.2, EPSS: 0.0034
Exploits: 0

OSV
added 2026/03/03 8:59 p.m., 5 views

GHSA-RCPH-X7MJ-54MM NocoDB Vulnerable to Stored Cross-site Scripting via Comments

Summary: Comments rendered via v-html without sanitization, enabling stored XSS. Details: Comments in Comments.vue were parsed by markdown-it with html: true and injected via v-html without DOMPurify. A user with Commenter role can inject arbitrary HTML that executes for all viewers. Impact: Stored...

CVSS: 5.3, AI score: 6, EPSS: 0.00179
Exploits: 0, References: 4

GitHub Security Blog
added 2026/03/03 6:31 p.m., 20 views

DOMPurify contains a Cross-site Scripting vulnerability

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9 and 3.3.2, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex...

CVSS: 6.1, AI score: 5.9, EPSS: 0.0034
Exploits: 0, References: 8, Affected Software: 1

GitHub Security Blog
added 2026/03/03 6:31 p.m., 6 views

DOMPurify contains a Cross-site Scripting vulnerability

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00245
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2026/03/03 6:31 p.m., 1 view

GHSA-V8JM-5VWX-CFXM DOMPurify contains a Cross-site Scripting vulnerability

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00245
Exploits: 0, References: 5

OSV
added 2026/03/03 6:31 p.m., 6 views

GHSA-V2WJ-7WPQ-C8VV DOMPurify contains a Cross-site Scripting vulnerability

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9 and 3.3.2, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex...

CVSS: 6.1, AI score: 6, EPSS: 0.0034
Exploits: 0, References: 7

vulnersOsv
added 2026/03/03 6:31 p.m., 6 views

1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +1891 more potentially affected by CVE-2026-0540 via dompurify (>=3.1.3 <=3.3.1)

dompurify NPM version =3.1.3, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20241106153220, =1.0.0, =4.4.0-rc1, =6.4.23, =6.4.37 and more Source cves: CVE-2026-0540 Source advisory: OSV:GHSA-V2WJ-7WPQ-C8VV...

CVSS: 6.1, AI score: 7.4, EPSS: 0.0034
Exploits: 0

vulnersOsv
added 2026/03/03 6:31 p.m., 8 views

@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @accelbyte/sdk-legal (>=0.0.0-dev-20241106153220 <=6.3.2) +1027 more potentially affected by CVE-2025-15599 via dompurify (>=3.1.3 <=3.2.6)

dompurify NPM version =3.1.3, =0.18.0-beta.0, =0.0.0-dev-20241106153220, =1.0.0, =4.4.0-rc1, =6.4.23, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =0.1.1, =0.1.5-alpha.2, =0.1.1, =0.1.6-alpha.5 and more Source cves: CVE-2025-15599 Source advisory: OSV:GHSA-V8JM-5VWX-CFXM...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00245
Exploits: 0

vulnersOsv
added 2026/03/03 6:31 p.m., 6 views

@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2026-0540 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

CVSS: 6.1, AI score: 7.4, EPSS: 0.0034
Exploits: 0

vulnersOsv
added 2026/03/03 6:31 p.m., 6 views

@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00245
Exploits: 0

NVD
added 2026/03/03 6:16 p.m., 11 views

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

CVSS: 6.1, EPSS: 0.0034
Exploits: 0, References: 5

OSV
added 2026/03/03 6:16 p.m., 4 views

DEBIAN-CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

CVSS: 5.3, AI score: 7.5, EPSS: 0.0034
Exploits: 0, References: 1

OSV
added 2026/03/03 6:16 p.m., 16 views

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 729097f, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

CVSS: 5.1, AI score: 5.8
Exploits: 0, References: 3

NVD
added 2026/03/03 6:16 p.m., 6 views

CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

CVSS: 6.1, EPSS: 0.00245
Exploits: 0, References: 3

OSV
added 2026/03/03 6:16 p.m., 2 views

DEBIAN-CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

CVSS: 5.1, AI score: 5, EPSS: 0.00245
Exploits: 0, References: 1

OSV
added 2026/03/03 6:16 p.m., 12 views

CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

CVSS: 5.1, AI score: 5.8
Exploits: 0, References: 3

UbuntuCve
added 2026/03/03 6:16 p.m., 8 views

CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00245
Exploits: 0, References: 4

UbuntuCve
added 2026/03/03 6:16 p.m., 7 views

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

CVSS: 6.1, AI score: 7.2, EPSS: 0.0034
Exploits: 0, References: 4