10 matches found
CVE-2026-41239
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...
CVE-2026-41240
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...
CVE-2026-41239
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete sanitization of certain SVG and MathML attributes, including xlink:href, math|href, as well as the attributeName attribute of SVG animation elements when it is bound to href or xlink:href. An...
Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...
CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the...
EUVD-2025-30825
Malicious code in bioql PyPI...
GHSA-MM7X-QFJJ-5G2C Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal
Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...
RUSTSEC-2025-0071 Incorrect handling of embedded SVG and MathML leads to mutation XSS after removal
Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...
Google Chrome MathML Incorrect Escape Vulnerability
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in versions of Google Chrome prior to 67.0.3396.62, which stems from the program's...