544 matches found
1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2096 more potentially affected by CVE-2026-0540 via dompurify (>=3.0.0 <=3.3.1)
dompurify NPM version =3.0.0, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.5.1 and more Source cves: CVE-2026-0540 Source advisory: SNYK:JS-DOMPURIFY-15371376...
@0xgg/echomd (>=1.0.0 <=1.0.4), @7nohe/vite-plugin-vue-marked (=0.2.1) +1092 more potentially affected by CVE-2026-0540 via dompurify (>=2.0.0 <=2.5.8)
dompurify NPM version =2.0.0, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =6.2.3, =6.4.3, =0.0.2, =0.3.0, =0.1.0, =0.1.0-a0, =1.0.0, =0.4.0, =0.0.18, =0.0.29 and more Source cves: CVE-2026-0540 Source advisory: SNYK:JS-DOMPURIFY-15371376...
net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by CVE-2026-0540 via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)
org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: CVE-2026-0540 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15371377...
GHSA-RCPH-X7MJ-54MM NocoDB Vulnerable to Stored Cross-site Scripting via Comments
Summary Comments rendered via v-html without sanitization, enabling stored XSS. Details Comments in Comments.vue were parsed by markdown-it with html: true and injected via v-html without DOMPurify. A user with Commenter role can inject arbitrary HTML that executes for all viewers. Impact Stored...
DOMPurify contains a Cross-site Scripting vulnerability
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9 and 3.3.2, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex...
DOMPurify contains a Cross-site Scripting vulnerability
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...
GHSA-V8JM-5VWX-CFXM DOMPurify contains a Cross-site Scripting vulnerability
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...
GHSA-V2WJ-7WPQ-C8VV DOMPurify contains a Cross-site Scripting vulnerability
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9 and 3.3.2, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex...
1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +1891 more potentially affected by CVE-2026-0540 via dompurify (>=3.1.3 <=3.3.1)
dompurify NPM version =3.1.3, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20241106153220, =1.0.0, =4.4.0-rc1, =6.4.23, =6.4.37 and more Source cves: CVE-2026-0540 Source advisory: OSV:GHSA-V2WJ-7WPQ-C8VV...
@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @accelbyte/sdk-legal (>=0.0.0-dev-20241106153220 <=6.3.2) +1027 more potentially affected by CVE-2025-15599 via dompurify (>=3.1.3 <=3.2.6)
dompurify NPM version =3.1.3, =0.18.0-beta.0, =0.0.0-dev-20241106153220, =1.0.0, =4.4.0-rc1, =6.4.23, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =0.1.1, =0.1.5-alpha.2, =0.1.1, =0.1.6-alpha.5 and more Source cves: CVE-2025-15599 Source advisory: OSV:GHSA-V8JM-5VWX-CFXM...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2026-0540 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
CVE-2026-0540
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...
DEBIAN-CVE-2026-0540
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...
CVE-2026-0540
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 729097f, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...
CVE-2025-15599
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...
DEBIAN-CVE-2025-15599
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...
CVE-2025-15599
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...
CVE-2025-15599
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...
CVE-2026-0540
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...