
544 matches found

CNNVD
added 2025/02/14 12:00 a.m.

DOMPurify security vulnerability

DOMPurify is a DOM-based (Document Object Model) sanitizer for HTML, MathML and SVG, written in JavaScript by Cure53 (an individual developer). A security vulnerability exists in DOMPurify versions prior to 3.2.4, which stems from the presence of incorrect template literal regular expressions that can lead to mutation...

CVSS 6.1, AI score 5.9, EPSS 0.00559
Exploits: 1, References: 5
IBM Security Bulletins
added 2025/02/05 8:44 p.m.

Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary: Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-45801 DESCRIPTION: DOMPurify could allow a...

CVSS 7.3, AI score 7.8, EPSS 0.00844
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/01/28 10:08 p.m.

Security Bulletin: IBM Security SOAR is vulnerable to client-side vulnerability (CVE-2024-45801)

Summary: IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side arbitrary code execution (CVE-2024-45801). The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later. Vulnerability Details...

CVSS 7.3, AI score 7.8, EPSS 0.00844
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2025/01/13 12:00 a.m.

Atlassian Jira Service Management Data Center and Server 5.4.x < 5.4.28 / 5.12.x < 5.12.15 / 5.17.x < 5.17.4 / 10.0.x < 10.1.1 XSS (JSDSERVER-15689)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15689 advisory. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has be...

CVSS 7.3, AI score 6.6, EPSS 0.00844
Exploits: 0, References: 2
Tenable Nessus
added 2025/01/10 12:00 a.m.

Atlassian Jira 9.4.x < 9.4.28 / 9.12.x < 9.12.15 / 9.17.x < 9.17.4 / 10.0.x < 10.1.1 XSS (JRASERVER-78199)

The version of Atlassian Jira Server running on the remote host is affected by a vulnerability as referenced in the JRASERVER-78199 advisory. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesti...

CVSS 7.3, AI score 6.6, EPSS 0.00844
Exploits: 0, References: 2
GithubExploit
added 2024/12/17 12:29 p.m.

Exploit for CVE-2024-54160

CVE-2024-54160-Opensearch-HTML-Injection + Stored XSS It w...

CVSS 6.4, AI score 5.5, EPSS 0.00557
Exploits: 2
Tenable Nessus
added 2024/12/13 12:00 a.m.

SolarWinds Web Help Desk < 12.8.4 Multiple Vulnerabilities

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 12.8.4 release notes. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...

CVSS 10, AI score 7.5, EPSS 0.06287
Exploits: 6, References: 7
BDU FSTEC
added 2024/12/11 12:00 a.m.

The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to deficiencies in the validation of input data containing XSS attack indicators. This vulnerability allows attackers to execute cross-site scripting attacks.

The vulnerability of the JavaScript library for secure cleaning and protection of HTML code, DOMPurify, is related to deficiencies in the validation of input data containing XSS attack indicators. Exploiting this vulnerability can allow a remote attacker to execute cross-site scripting attacks...

CVSS 10, AI score 6.4, EPSS 0.01093
Exploits: 2, References: 5, Affected Software: 2
OSV
added 2024/12/09 8:38 p.m.

GHSA-6VX4-V2JW-QWQH Trix editor subject to XSS vulnerabilities on copy & paste

The Trix editor, in versions prior to 2.1.9 and 1.3.3, is vulnerable to XSS + mutation XSS attacks when pasting malicious code. Impact An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially...

CVSS 5.1, AI score 6, EPSS 0.00435
Exploits: 0, References: 4
Github Security Blog
added 2024/12/09 8:38 p.m.

Trix editor subject to XSS vulnerabilities on copy & paste

The Trix editor, in versions prior to 2.1.9 and 1.3.3, is vulnerable to XSS + mutation XSS attacks when pasting malicious code. Impact An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially...

CVSS 5.1, AI score 6.4, EPSS 0.00435
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2024/12/09 7:15 p.m.

CVE-2024-53847

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

CVSS 5.1, EPSS 0.00435
Exploits: 0, References: 2
Vulnrichment
added 2024/12/09 6:49 p.m.

CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

CVSS 5.1, AI score 5.8, EPSS 0.00435
Exploits: 0, References: 2
Cvelist
added 2024/12/09 6:49 p.m.

CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

CVSS 5.1, EPSS 0.00435
Exploits: 0, References: 2
OSV
added 2024/12/09 6:49 p.m.

CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

CVSS 5.1, AI score 5.7, EPSS 0.00435
Exploits: 0, References: 4
Redos
added 2024/12/09 12:00 a.m.

ROS-20241209-04

A vulnerability in DOMPurify, the JavaScript library for securely cleaning and protecting HTML code, is related to flaws in the validation of input data containing signs of an XSS attack. Exploitation of the vulnerability could allow a remote attacker to perform a cross-site scripting attack...

CVSS 10, AI score 6.2, EPSS 0.01093
Exploits: 2
RedHat Linux
added 2024/12/03 4:20 p.m.

dompurify: XSS vulnerability via prototype pollution

A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks...

CVSS 7.3, AI score 6.5, EPSS 0.00844
Exploits: 0, References: 7
IBM Security Bulletins
added 2024/11/22 12:54 p.m.

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-47875)

Summary: IBM Sterling Connect:Direct Web Services uses DOMPurify, a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. Vulnerability Details: CVEID: CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolera...

CVSS 10, AI score 9, EPSS 0.01093
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2024/11/22 12:53 p.m.

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)

Summary: IBM Sterling Connect:Direct Web Services uses DOMPurify, which could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the depth check. Vulnerability Details: CVEID: CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute...

CVSS 7.3, AI score 7.7, EPSS 0.00844
Exploits: 0, Affected Software: 1
RedHat Linux
added 2024/11/22 1:06 a.m.

Important: Red Hat Security Advisory: ACS 4.5 enhancement update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 9.8, AI score 6.8, EPSS 0.01952
Exploits: 3, References: 7
RedHat Linux
added 2024/11/13 6:34 p.m.

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.38 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS 10, AI score 6.7, EPSS 0.01364
Exploits: 2, References: 20