Lucene search
K

84 matches found

NVD
NVD
added 2026/07/01 9:17 p.m.8 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 8:35 p.m.36 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:35 p.m.20 views

CVE-2026-58263

CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54911

Name of the Vulnerable Software and Affected Versions Jodit Editor versions prior to 4.12.28 Description The built-in clean-html sanitizer can be bypassed using a MathML/ carrier. This technique hides dangerous elements from the sanitizer's element walk, allowing no-interaction event handlers to...

7.2CVSS5.9AI score0.00179EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 12:6 a.m.7 views

GHSA-R758-8HXW-4845 justhtml: Mutation XSS with custom foreign-namespace sanitization policies

Summary A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...

2.1CVSS5.7AI score
Exploits0References4
Ubuntu
Ubuntu
added 2026/03/05 4:4 p.m.11 views

USN-8077-1: Bleach vulnerabilities

It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...

9.8CVSS5.5AI score0.02229EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2026/02/03 7:22 p.m.14 views

HtmlSanitizer has a bypass via template tag

Impact If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

6.3CVSS5.4AI score0.00241EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.9 views

CVE-2024-41677

Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...

6.3CVSS5.8AI score0.00469EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:37 a.m.9 views

CVE-2019-20374

A mutation cross-site scripting XSS issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML...

9.6CVSS6.9AI score0.023EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 11:57 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify

Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

6.1CVSS6.2AI score0.00583EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0055

Malware in sbrugna...

6.1CVSS7.6AI score0.01301EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-19700

Malware in sbrugna...

9.6CVSS9.1AI score0.01884EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2020-0054

Malware in sbrugna...

6.1CVSS7.6AI score0.01688EPSS
Exploits1References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-3438

Malicious code in bioql PyPI...

5.1CVSS6.3AI score0.00444EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.24 views

EUVD-2023-2788

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00473EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2469

Malicious code in bioql PyPI...

6.3CVSS6.4AI score0.00469EPSS
Exploits1References5
RustSec
RustSec
added 2025/09/21 12:0 p.m.10 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS after removal

Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...

6.9AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-26870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a...

6.1CVSS6.7AI score0.04881EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:43 a.m.8 views

CVE-2024-23635

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS5.7AI score0.00368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:16 a.m.4 views

CVE-2024-53847

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

5.1CVSS5.5AI score0.00444EPSS
Exploits0References1
Rows per page
Query Builder