545 matches found

GithubExploit
added 2026/06/03 5:20 p.m. | 72 views

Exploit for Prototype Pollution in Cure53 Dompurify

DOMPurify re-clone bypass. Instead of relying on easily str...

CVSS 9.8 | AI score 7 | EPSS 0.01176
Exploits: 2
GithubExploit
added 2026/06/03 5:20 p.m. | 80 views

Exploit for Prototype Pollution in Cure53 Dompurify

No d...

CVSS 9.8 | AI score 7.1 | EPSS 0.01176
Exploits: 2
IBM Security Bulletins
added 2026/06/03 7:19 a.m. | 19 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...

CVSS 9.8 | AI score 6.9 | EPSS 0.00469
Exploits: 1 | Affected Software: 1
RedHat Linux
added 2026/06/02 5:41 p.m. | 10 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

CVSS 6.1 | AI score 6 | EPSS 0.00263
Exploits: 1 | References: 7
RedHat Linux
added 2026/06/02 5:41 p.m. | 15 views

Important: Red Hat Security Advisory: Red Hat Data Grid 8.6.1 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 10 | AI score 7 | EPSS 0.01735
Exploits: 6 | References: 14
IBM Security Bulletins
added 2026/06/02 3:33 p.m. | 10 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype...

CVSS 6.9 | AI score 5.8 | EPSS 0.00263
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/06/02 3:31 p.m. | 9 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a...

CVSS 6.9 | AI score 5.8 | EPSS 0.00263
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/06/01 4:29 p.m. | 16 views

Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...

CVSS 7.5 | AI score 6.6 | EPSS 0.00486
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/06/01 4:07 p.m. | 10 views

Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify...

CVSS 9.8 | AI score 7.2 | EPSS 0.00978
Exploits: 2 | Affected Software: 1
Snyk
added 2026/06/01 2:07 p.m. | 6 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into...

CVSS 8.2 | AI score 5.7 | EPSS 0.00035
Exploits: 0 | References: 2
Github Security Blog
added 2026/06/01 2:07 p.m. | 151 views

DOMPurify XSS via selectedcontent re-clone

Summary DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. Details The chain is as follows: 1. The browser parses the input and creates a clone from the selected 2. DOMPurify walks an...

AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 2 | Affected Software: 1
vulnersOsv
added 2026/06/01 2:07 p.m. | 5 views

@leav/ui (>=1.13.0-0ceda52e <=1.14.0-667fe1ca) potentially affected by CVE-2026-47423 via dompurify (=3.4.4)

dompurify NPM version =3.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - @leav/ui =1.13.0-0ceda52e, =1.14.0-667fe1ca Source cves: CVE-2026-47423 Source advisory: OSV:GHSA-87XG-PXX2-7HVX...

AI score 5.5 | EPSS 0.00035
Exploits: 0
vulnersOsv
added 2026/06/01 2:07 p.m. | 7 views

@leav/ui (>=1.13.0-0ceda52e <=1.14.0-667fe1ca) potentially affected by CVE-2026-47423 via dompurify (=3.4.4)

dompurify NPM version =3.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - @leav/ui =1.13.0-0ceda52e, =1.14.0-667fe1ca Source cves: CVE-2026-47423 Source advisory: SNYK:JS-DOMPURIFY-17119837...

AI score 5.5 | EPSS 0.00035
Exploits: 0
Snyk
added 2026/06/01 2:07 p.m. | 5 views

Cross-site Scripting (XSS)

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into HTML, triggerin...

CVSS 8.2 | AI score 5.7 | EPSS 0.00035
Exploits: 0 | References: 2
OSV
added 2026/06/01 2:07 p.m. | 5 views

GHSA-87XG-PXX2-7HVX DOMPurify XSS via selectedcontent re-clone

Summary DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. Details The chain is as follows: 1. The browser parses the input and creates a clone from the selected 2. DOMPurify walks an...

CVSS 8.2 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/06/01 12:17 p.m. | 24 views

Security Bulletin: There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41238)

Summary There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are...

CVSS 6.9 | AI score 5.8 | EPSS 0.00263
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/06/01 8:14 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240

Summary IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41238...

CVSS 6.9 | AI score 5.8 | EPSS 0.00263
Exploits: 1 | Affected Software: 1
SUSE CVE
added 2026/05/31 1:35 a.m. | 16 views

SUSE CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214. The same fix was not...

CVSS 6.1 | AI score 5.7 | EPSS 0.00263
Exploits: 1 | References: 2
Veeam
added 2026/05/27 12:00 a.m. | 19 views

List of Security Fixes and Improvements in Veeam ONE

Purpose This article describes all security-related fixes and improvements introduced in each release or update of Veeam ONE. This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help them make an informed...

AI score 5.8
Exploits: 0
Circl
added 2026/05/26 4:03 p.m. | 5 views

CVE-2026-49459

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-26 16:03:05+00:00 | published-proof-of-concept | https://github.com/cure53/DOMPurify/security/advisories/GHSA-r47g-fvhr-h676... |

AI score 5 | EPSS 0.00042
Exploits: 0 | References: 1