545 matches found
DOMPurify 跨站脚本漏洞
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A cross-site scripting vulnerability exists in DOMPurify versions prior to 2.5.0 and prior to 3.1.3, which stems from vulnerability to cross-site scripting attacks...
PT-2024-6805
Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 2.5.0 DOMPurify versions prior to 3.1.3 Description The issue is related to insufficient input validation in the DOMPurify JavaScript library, which can lead to a cross-site scripting XSS attack. This vulnerability...
Moderate: Red Hat Security Advisory: Red Hat build of Cryostat security update
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Cross-site Scripting (XSS)
github.com/gotify/server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...
Malicious code in express-dompurify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c91e7d551e697c3ae72eea274492e2bb8c59b0a5fabfff62717660304264ceae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9052 Malicious code in express-dompurify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c91e7d551e697c3ae72eea274492e2bb8c59b0a5fabfff62717660304264ceae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross Site Scripting(XSS)
DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper depth checking, which can be bypassed through special HTML nesting techniques and prototype pollution, allowing an attacker to execute malicious scripts in the victim's browser...
CVE-2024-45801
A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks. Mitigation Mitigation for this issue is either not available or the...
@3t-transform/threeteeui (>=1.5.1 <=1.10.0), @accelbyte/sdk-legal (>=0.0.0-dev-20240828032938 <=6.0.2) +291 more potentially affected by CVE-2024-45801 via dompurify (>=3.0.0 <=3.1.2)
dompurify NPM version =3.0.0, =1.5.1, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =6.4.10, =5.1.1, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.1, =0.0.0-nightly-2022042277, =0.9.4-next.2 and more Source cves: CVE-2024-45801 Source advisory: OSV:GHSA-MMHX-HMJR-R674...
@0xgg/echomd (>=1.0.0 <=1.0.4), @5lions/library-registry-admin (=0.0.0) +1335 more potentially affected by CVE-2024-45801 via dompurify (>=0.6.6 <=2.5.0)
dompurify NPM version =0.6.6, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.13, =3.0.0, =2.2.0, =6.4.3, =0.0.2, =1.0.1, =0.6.0, =0.3.0, =0.1.0, =0.1.0-a0, =1.1.0 and more Source cves: CVE-2024-45801 Source advisory: OSV:GHSA-MMHX-HMJR-R674...
DOMPurify allows tampering by prototype pollution
It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...
GHSA-MMHX-HMJR-R674 DOMPurify allows tampering by prototype pollution
It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid XSS attack. Fixed by...
CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
DEBIAN-CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
UBUNTU-CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801
CVE-2024-45801 – DOMPurify prototype pollution/XSS issue : DOMPurify can bypass depth checks via special nesting and, separately, through prototype pollution weakening depth validation. The GHSA advisory details a prototype-pollution chain where Object.prototype.tagNameCheck and Object.prototype....
CVE-2024-45801 Tampering by prototype polution in DOMPurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801 Tampering by prototype polution in DOMPurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
CVE-2024-45801 Tampering by prototype polution in DOMPurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...