Lucene search
K

545 matches found

CNNVD
CNNVD
added 2024/10/11 12:0 a.m.2 views

DOMPurify 跨站脚本漏洞

DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A cross-site scripting vulnerability exists in DOMPurify versions prior to 2.5.0 and prior to 3.1.3, which stems from vulnerability to cross-site scripting attacks...

10CVSS7.9AI score0.01093EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2024/10/11 12:0 a.m.8 views

PT-2024-6805

Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 2.5.0 DOMPurify versions prior to 3.1.3 Description The issue is related to insufficient input validation in the DOMPurify JavaScript library, which can lead to a cross-site scripting XSS attack. This vulnerability...

10CVSS7.8AI score0.54024EPSS
Exploits30References118
RedHat Linux
RedHat Linux
added 2024/10/07 1:12 a.m.26 views

Moderate: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.3CVSS6.7AI score0.00897EPSS
Exploits1References3
Veracode
Veracode
added 2024/10/01 10:1 a.m.3 views

Cross-site Scripting (XSS)

github.com/gotify/server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/01 12:8 a.m.3 views

Malicious code in express-dompurify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c91e7d551e697c3ae72eea274492e2bb8c59b0a5fabfff62717660304264ceae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/10/01 12:8 a.m.3 views

MAL-2024-9052 Malicious code in express-dompurify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c91e7d551e697c3ae72eea274492e2bb8c59b0a5fabfff62717660304264ceae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Veracode
Veracode
added 2024/09/17 4:15 a.m.11 views

Cross Site Scripting(XSS)

DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper depth checking, which can be bypassed through special HTML nesting techniques and prototype pollution, allowing an attacker to execute malicious scripts in the victim's browser...

7.3CVSS6.7AI score0.00844EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2024/09/16 9:11 p.m.229 views

CVE-2024-45801

A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks. Mitigation Mitigation for this issue is either not available or the...

7CVSS5.5AI score0.00844EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/09/16 8:34 p.m.10 views

@3t-transform/threeteeui (>=1.5.1 <=1.10.0), @accelbyte/sdk-legal (>=0.0.0-dev-20240828032938 <=6.0.2) +291 more potentially affected by CVE-2024-45801 via dompurify (>=3.0.0 <=3.1.2)

dompurify NPM version =3.0.0, =1.5.1, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =6.4.10, =5.1.1, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.1, =0.0.0-nightly-2022042277, =0.9.4-next.2 and more Source cves: CVE-2024-45801 Source advisory: OSV:GHSA-MMHX-HMJR-R674...

7.3CVSS7.1AI score0.00844EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/09/16 8:34 p.m.9 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @5lions/library-registry-admin (=0.0.0) +1335 more potentially affected by CVE-2024-45801 via dompurify (>=0.6.6 <=2.5.0)

dompurify NPM version =0.6.6, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =3.0.0, =2.2.0, =6.4.3, =0.0.2, =1.0.1, =0.6.0, =0.3.0, =0.1.0, =0.1.0-a0, =1.1.0 and more Source cves: CVE-2024-45801 Source advisory: OSV:GHSA-MMHX-HMJR-R674...

7.3CVSS7.1AI score0.00844EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/09/16 8:34 p.m.142 views

DOMPurify allows tampering by prototype pollution

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...

7.3CVSS6AI score0.00844EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/09/16 8:34 p.m.11 views

GHSA-MMHX-HMJR-R674 DOMPurify allows tampering by prototype pollution

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...

8.3CVSS7AI score0.00844EPSS
Exploits0References5
NVD
NVD
added 2024/09/16 7:16 p.m.42 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS0.00844EPSS
Exploits0References3
OSV
OSV
added 2024/09/16 7:16 p.m.2 views

DEBIAN-CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

6.1CVSS6.6AI score0.00844EPSS
Exploits0References1
OSV
OSV
added 2024/09/16 7:16 p.m.2 views

UBUNTU-CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS6.5AI score0.00844EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/09/16 6:25 p.m.28 views

CVE-2024-45801

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS6.6AI score0.00844EPSS
Exploits0
CVE
CVE
added 2024/09/16 6:25 p.m.652 views

CVE-2024-45801

CVE-2024-45801 – DOMPurify prototype pollution/XSS issue : DOMPurify can bypass depth checks via special nesting and, separately, through prototype pollution weakening depth validation. The GHSA advisory details a prototype-pollution chain where Object.prototype.tagNameCheck and Object.prototype....

7.3CVSS6.7AI score0.00844EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/09/16 6:25 p.m.29 views

CVE-2024-45801 Tampering by prototype polution in DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS0.00844EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/16 6:25 p.m.24 views

CVE-2024-45801 Tampering by prototype polution in DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS5.3AI score0.00844EPSS
Exploits0References3
OSV
OSV
added 2024/09/16 6:25 p.m.24 views

CVE-2024-45801 Tampering by prototype polution in DOMPurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...

7.3CVSS6.8AI score0.00844EPSS
Exploits0References5
Rows per page
Query Builder