Lucene search
544 matches found

Tenable Nessus
added 2025/03/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-45801

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting...

CVSS 7.3 | AI score 6.5 | EPSS 0.00844
Exploits 0 | References 3
SUSE CVE
added 2025/02/27 2:56 a.m., 3 views

SUSE CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 4.2 | AI score 6.4 | EPSS 0.00559
Exploits 1 | References 4
Veracode
added 2025/02/18 6:5 a.m., 6 views

Mutation Cross-site Scripting (mXSS)

DOMPurify is vulnerable to mutation cross-site scripting (mXSS). The vulnerability is due to an incorrect template literal regular expression in DOMPurify, which allows an attacker to execute mutation cross-site scripting (mXSS)...

CVSS 6.1 | AI score 4.5 | EPSS 0.00559
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2025/02/16 12:24 a.m., 12 views

CVE-2025-26791

A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based cross-site scripting (mXSS) via an incorrect template literal regular expression...

CVSS 4.5 | AI score 6.4 | EPSS 0.00559
Exploits 1 | References 7
Github Security Blog
added 2025/02/14 9:31 a.m., 21 views

DOMPurify allows Cross-site Scripting (XSS)

DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 6.1 | AI score 5.5 | EPSS 0.00559
Exploits 1 | References 6 | Affected Software 1
vulnersOsv
added 2025/02/14 9:31 a.m., 5 views

011xwztpjn (=1.0.0), 02y9dg4qm3 (=1.0.0) +10207 more potentially affected by CVE-2025-26791 via dompurify (>=0.6.6 <=3.2.3)

dompurify NPM version >=0.6.6, <=3.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - 011xwztpjn =1.0.0 - 02y9dg4qm3 =1.0.0 - 04tw75kmd9 =1.0.0 - 0650teqqly =1.0.0 - 097oi25ils =1.0.0 - 0a0fpniotn =1.0.0 - 0c7j76u46q...

CVSS 6.1 | AI score 6.4 | EPSS 0.00559
Exploits 1
OSV
added 2025/02/14 9:31 a.m., 4 views

GHSA-VHXF-7VQR-MRJG DOMPurify allows Cross-site Scripting (XSS)

DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 4.5 | AI score 6.7 | EPSS 0.00559
Exploits 1 | References 6
NVD
added 2025/02/14 9:15 a.m., 18 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 6.1 | EPSS 0.00559
Exploits 1 | References 4
OSV
added 2025/02/14 9:15 a.m., 2 views

DEBIAN-CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 6.1 | AI score 5.9 | EPSS 0.00559
Exploits 1 | References 1
OSV
added 2025/02/14 9:15 a.m., 12 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 6.1 | AI score 4.5
Exploits 0 | References 4
OSV
added 2025/02/14 9:15 a.m., 1 view

UBUNTU-CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 6.1 | AI score 5.7 | EPSS 0.00559
Exploits 1 | References 6
vulnersOsv
added 2025/02/14 8:52 a.m., 6 views

org.webjars.npm:monaco-editor (=0.54.0) potentially affected by CVE-2025-26791 via org.webjars.npm:dompurify (=3.1.7)

org.webjars.npm:dompurify MAVEN version =3.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:dompurify and may be impacted: - org.webjars.npm:monaco-editor =0.54.0 Source cves: CVE-2025-26791 Source advisory:...

CVSS 6.1 | AI score 6.7 | EPSS 0.00559
Exploits 1
Snyk
added 2025/02/14 8:52 a.m., 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.bowergithub.cure53:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to incorrect handling of template literals in regular expressions. An attacker can manipulate the output of the...

CVSS 6.1 | AI score 7.8 | EPSS 0.00559
Exploits 1 | References 2
Snyk
added 2025/02/14 8:52 a.m., 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.bower:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to incorrect handling of template literals in regular expressions. An attacker can manipulate the output of the script by...

CVSS 6.1 | AI score 5.3 | EPSS 0.00559
Exploits 1 | References 2
Snyk
added 2025/02/14 8:52 a.m., 2 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to incorrect handling of template literals in regular expressions. An attacker can manipulate the output of the script by...

CVSS 6.1 | AI score 5.3 | EPSS 0.00559
Exploits 1 | References 2
Cvelist
added 2025/02/14 12:0 a.m., 8 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 4.5 | EPSS 0.00559
Exploits 1 | References 4
CVE
added 2025/02/14 12:0 a.m., 352 views

CVE-2025-26791

DOMPurify is affected by an mXSS flaw in which an incorrect template-literal regular expression in versions before 3.2.4 can lead to mutation cross-site scripting. The CVE-2025-26791 entry is referenced across IBM notices for IBM Db2 Data Management Console, IBM Watson-related products, and other...

CVSS 6.1 | AI score 6.4 | EPSS 0.00559
Exploits 1 | References 4 | Affected Software 1
Positive Technologies
added 2025/02/14 12:0 a.m., 5 views

PT-2025-7240

Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 3.2.4. Description: The issue is related to an incorrect template literal regular expression in DOMPurify, which can lead to mutation cross-site scripting (mXSS). Recommendations: For versions prior to 3.2.4, update t...

CVSS 4.5 | AI score 6.8 | EPSS 0.00559
Exploits 1 | References 22
Vulnrichment
added 2025/02/14 12:0 a.m., 14 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 4.5 | AI score 4.6 | EPSS 0.00559
Exploits 1 | References 4
Debian CVE
added 2025/02/14 12:0 a.m., 8 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...

CVSS 6.1 | AI score 5.9 | EPSS 0.00559
Exploits 1