DOMPurify Security Vulnerability
DOMPurify is a DOM-only XSS sanitizer for HTML, MathML and SVG written in JavaScript by Cure53. A security vulnerability exists in DOMPurify versions prior to 3.2.4; it stems from an incorrect template literal regular expression that can lead to mutant...
Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a...
Security Bulletin: IBM Security SOAR is vulnerable to client-side vulnerability (CVE-2024-45801)
Summary IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side arbitrary code execution CVE-2024-45801. The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later. Vulnerability Details...
Atlassian Jira Service Management Data Center and Server 5.4.x < 5.4.28 / 5.12.x < 5.12.15 / 5.17.x < 5.17.4 / 10.0.x < 10.1.1 XSS (JSDSERVER-15689)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15689 advisory. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has be...
Atlassian Jira 9.4.x < 9.4.28 / 9.12.x < 9.12.15 / 9.17.x < 9.17.4 / 10.0.x < 10.1.1 XSS (JRASERVER-78199)
The version of Atlassian Jira Server running on the remote host is affected by a vulnerability as referenced in the JRASERVER-78199 advisory. - DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesti...
Exploit for CVE-2024-54160
CVE-2024-54160-Opensearch-HTML-Injection + Stored XSS It w...
SolarWinds Web Help Desk < 12.8.4 Multiple Vulnerabilities
The version of Solarwinds Web Help Desk installed on the remote host is prior to 12.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 12.8.4 release notes. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...
The vulnerability in DOMPurify, a JavaScript library for sanitizing HTML, is related to insufficient validation of input data containing XSS attack indicators. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability in DOMPurify, a JavaScript library for sanitizing HTML, is related to insufficient validation of input data containing XSS attack indicators. Exploiting this vulnerability can allow a remote attacker to carry out cross-site scripting attacks...
GHSA-6VX4-V2JW-QWQH Trix editor subject to XSS vulnerabilities on copy & paste
The Trix editor, in versions prior to 2.1.9 and 1.3.3, is vulnerable to XSS + mutation XSS attacks when pasting malicious code. Impact An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially...
CVE-2024-53847
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
CVE-2024-53847 Trix vulnerable to Cross-site Scripting on copy & paste
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...
ROS-20241209-04
A vulnerability in DOMPurify, a JavaScript library for securely sanitizing HTML, is related to flaws in the validation of input data containing signs of an XSS attack. Exploitation of the vulnerability could allow a remote attacker to perform a cross-site scripting attack...
dompurify: XSS vulnerability via prototype pollution
A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use prototype pollution to weaken the depth check, which can lead to cross-site scripting (XSS) attacks...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-47875)
Summary IBM Sterling Connect:Direct Web Services uses DOMPurify as a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolera...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)
Summary IBM Sterling Connect:Direct Web Services uses DOMPurify, which could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the depth check. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute...
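The two CVE-2024-45801 entries above (the Red Hat "XSS via prototype pollution" entry and this IBM bulletin) describe the same failure class: a sanitizer reads its nesting-depth limit from a configuration object, and a polluted Object.prototype supplies that value when the caller's config does not. The following stand-alone Node.js illustration is added here and is not DOMPurify's code; the option name MAX_DEPTH, the hypothetical document-tree shape, the ceiling value and all function names are assumptions. It shows the weak lookup beside a hardened one that only honours own, validated, capped values.

```javascript
// Added illustration (not DOMPurify's code): how prototype pollution can
// weaken a config-driven nesting-depth check, and one way to harden it.
// Node.js, no dependencies. Option name, tree shape and function names
// are hypothetical.

const DEFAULT_MAX_DEPTH = 10;   // hypothetical default nesting limit
const HARD_CEILING = 500;       // hypothetical absolute cap no config can raise

// Build a chain of `depth` nested <div>-like nodes around one <span>-like
// leaf, a constructed stand-in for deeply nested attacker-controlled markup.
function makeNested(depth) {
  let node = { name: 'span', children: [] };
  for (let i = 0; i < depth; i++) node = { name: 'div', children: [node] };
  return node;
}

// Height of the tree, counting the root as depth 1.
function treeDepth(node) {
  if (node.children.length === 0) return 1;
  return 1 + Math.max(...node.children.map(treeDepth));
}

// WEAK: plain property access falls through to Object.prototype when the
// caller's config does not set the option, so a polluted prototype wins.
function depthCheckWeak(tree, cfg) {
  const limit = cfg.MAX_DEPTH !== undefined ? cfg.MAX_DEPTH : DEFAULT_MAX_DEPTH;
  return treeDepth(tree) <= limit;
}

// HARDENED: only own properties count, the value must be a positive integer
// (so Infinity, NaN and strings are rejected), and the result is capped by a
// fixed ceiling even when a caller legitimately configures a large limit.
function depthCheckHardened(tree, cfg) {
  let limit = DEFAULT_MAX_DEPTH;
  if (Object.hasOwn(cfg, 'MAX_DEPTH')) {
    const v = cfg.MAX_DEPTH;
    if (Number.isInteger(v) && v > 0) limit = v;
  }
  limit = Math.min(limit, HARD_CEILING);
  return treeDepth(tree) <= limit;
}

// Run both checks on a too-deep tree before and during a simulated
// prototype-pollution event (the kind an unsafe deep-merge elsewhere in an
// application can cause). The pollution is removed again in `finally`.
function runScenario(depth) {
  const tree = makeNested(depth);
  const cfg = {};                          // caller never set MAX_DEPTH
  const before = {
    weak: depthCheckWeak(tree, cfg),
    hardened: depthCheckHardened(tree, cfg),
  };

  Object.prototype.MAX_DEPTH = Infinity;   // every object now "has" MAX_DEPTH
  let during;
  try {
    during = {
      weak: depthCheckWeak(tree, cfg),
      hardened: depthCheckHardened(tree, cfg),
    };
  } finally {
    delete Object.prototype.MAX_DEPTH;     // undo the pollution
  }
  return { depth: treeDepth(tree), before, during };
}

// Expected: weak check flips from false to true once the prototype is
// polluted; the hardened check rejects the 301-deep tree in both states.
console.log(JSON.stringify(runScenario(300)));
```

The same idea applies to any option read off a caller-supplied config: copy the config into an Object.create(null) object or gate each read with Object.hasOwn, validate the type and range, and keep a ceiling the configuration cannot exceed.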
Important: Red Hat Security Advisory: ACS 4.5 enhancement update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.38 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...