14 matches found
CVE-2026-40301
DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows <style> elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...
DOMSanitizer Security Vulnerability
DOMSanitizer is a security filter for the DOM (Document Object Model) developed by Andy Miller, an individual developer. Versions of DOMSanitizer prior to 1.0.10 contain a security vulnerability caused by insufficient checks on the content of the style element in SVG...
EUVD-2023-2848
Malicious code in bioql PyPI...
CVE-2023-49146
DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...
Cross Site Scripting (XSS)
DOMSanitizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper sanitization of HTML comments in DOMSanitizer.php. This could allow an attacker to inject malicious code via an HTML comment...
Cross-site Scripting in DOMSanitizer
DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...
GHSA-2GHM-R75J-PJX2 Cross-site Scripting in DOMSanitizer
DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...
CVE-2023-49146
DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...
CVE-2023-49146
DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...
Design/Logic Flaw
DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...
CVE-2023-49146
DOMSanitizer aka dom-sanitizer before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions...
PT-2023-31065 · Unknown · Domsanitizer
Name of the Vulnerable Software and Affected Versions: DOMSanitizer versions prior to 1.0.7. Description: The issue arises from the mishandling of comments and the use of greedy regular expressions in SVG documents, leading to a potential XSS attack. Recommendations: For versions prior to 1.0.7,...
DOMSanitizer Security Vulnerability
DOMSanitizer is a security filter for the DOM (Document Object Model) by Andy Miller, an individual developer. A security vulnerability exists in versions of DOMSanitizer prior to 1.0.7 that stems from mishandling of annotations and greedy regular expressions, allowing cross-site scripting (XSS)...
CVE-2023-49146
DOMSanitizer (dom-sanitizer) before 1.0.7 is vulnerable to XSS via an SVG document due to mishandling of comments and greedy regular expressions. The fix is in 1.0.7 (see commit c2a98f27… and 1.0.6…1.0.7 comparison). Impact: potential XSS in contexts using DOMSanitizer prior to 1.0.7. Remediation...