Lucene search
K

24 matches found

OSV
OSV
added 2026/03/27 8:41 p.m.7 views

GHSA-H8R8-WCCR-V5F2 DOMPurify is vulnerable to mutation-XSS via Re-Contextualization

Description A mutation-XSS mXSS condition was confirmed when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers. The vulnerable wrappers confirmed in browser behavior are script, xmp, iframe, noembed, noframes, and noscript. The payload remains seemingly...

6.9CVSS6.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/17 12:55 a.m.7 views

dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling

A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting mXSS via an incorrect template literal regular expression...

6.1CVSS5.8AI score0.00559EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4245

Malicious code in bioql PyPI...

4.5CVSS6.3AI score0.00559EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-23635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS...

6.1CVSS6.6AI score0.00368EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:17 a.m.9 views

CVE-2023-51652

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

6.1CVSS6.2AI score0.00447EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 10:58 p.m.13 views

Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)

Summary DOMPurify component is vulnerable to mutation cross-site scripting mXSS which has been addressed in IBM Aspera Desktop App version v1.0.8 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...

6.1CVSS5.8AI score0.00559EPSS
Exploits1Affected Software4
SUSE CVE
SUSE CVE
added 2025/02/27 2:56 a.m.5 views

SUSE CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

4.2CVSS6.4AI score0.00559EPSS
Exploits1References4
Veracode
Veracode
added 2025/02/18 6:5 a.m.7 views

Mutation Cross-site Scripting (mXSS)

DOMPurify is vulnerable to mutation cross-site scripting mXSS. The vulnerability is due to an incorrect template literal regular expression in DOMPurify, allows an attacker to execute mutation cross-site scripting mXSS...

6.1CVSS4.5AI score0.00559EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/14 9:31 a.m.23 views

DOMPurify allows Cross-site Scripting (XSS)

DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFEFORTEMPLATES is set to true, sometimes leading to mutation cross-site scripting mXSS...

6.1CVSS5.5AI score0.00559EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/02/14 9:15 a.m.3 views

UBUNTU-CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

6.1CVSS5.7AI score0.00559EPSS
Exploits1References6
OSV
OSV
added 2025/02/14 12:0 a.m.13 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

4.5CVSS4.5AI score0.00559EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/02/14 12:0 a.m.14 views

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

4.5CVSS4.6AI score0.00559EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/11/12 12:0 a.m.19 views

RHEL 9 : grafana (RHSA-2024:9473)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9473 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob:...

10CVSS7.5AI score0.01127EPSS
Exploits2References6
Veracode
Veracode
added 2024/01/03 11:1 a.m.25 views

Mutation Cross Site Scripting (mXSS)

OWASP AntiSamy is vulnerable to Mutation Cross Site Scripting mXSS. The vulnerability is due to improper parsing of HTML when the preserveComments directive is enabled in the policy. This issue can be exploited by an attacker by injecting malicious input to execute arbitrary JavaScript...

6.1CVSS6.8AI score0.00447EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/02 8:6 p.m.15 views

CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

6.1CVSS6.2AI score0.00447EPSS
Exploits0References3
OSV
OSV
added 2024/01/02 8:6 p.m.45 views

CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

6.1CVSS6.3AI score0.00447EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/11/15 6:59 p.m.10 views

CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...

6.1CVSS5.3AI score0.00715EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/11/15 6:59 p.m.50 views

CVE-2023-48219

Removed by vendor...

6.1CVSS6.2AI score0.00715EPSS
Exploits0
OSV
OSV
added 2023/11/15 6:32 p.m.7 views

GHSA-V626-R774-J7F8 TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character...

6.1CVSS5.7AI score0.00715EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/10/19 4:36 p.m.47 views

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin

Impact A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...

6.1CVSS6AI score0.0062EPSS
Exploits0References7Affected Software2
Rows per page
Query Builder