21 matches found
GHSA-H8R8-WCCR-V5F2 DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
Description: A mutation-XSS (mXSS) condition was confirmed when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers. The vulnerable wrappers confirmed in browser behavior are script, xmp, iframe, noembed, noframes, and noscript. The payload remains seemingly...
EUVD-2025-4245
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-23635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS...
CVE-2023-51652
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)
Summary: DOMPurify component is vulnerable to mutation cross-site scripting (mXSS), which has been addressed in IBM Aspera Desktop App version v1.0.8. Vulnerability Details: CVEID: CVE-2025-26791. DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...
Mutation Cross-site Scripting (mXSS)
DOMPurify is vulnerable to mutation cross-site scripting (mXSS). The vulnerability is due to an incorrect template literal regular expression in DOMPurify, which allows an attacker to execute mutation cross-site scripting (mXSS)...
DOMPurify allows Cross-site Scripting (XSS)
DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS)...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
UBUNTU-CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS)...
RHEL 9 : grafana (RHSA-2024:9473)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9473 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: encoding/gob:...
Mutation Cross Site Scripting (mXSS)
OWASP AntiSamy is vulnerable to Mutation Cross Site Scripting (mXSS). The vulnerability is due to improper parsing of HTML when the preserveComments directive is enabled in the policy. This issue can be exploited by an attacker by injecting malicious input to execute arbitrary JavaScript...
CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
CVE-2023-48219 Special characters in unescaped text nodes can trigger mXSS in TinyMCE
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...
CVE-2023-48219
Removed by vendor...
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Impact: A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If t...
DEBIAN-CVE-2023-43643
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
CVE-2021-29996
Mark Text through 0.16.3 allows attackers to achieve arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload...
Cross-Site Scripting in google-closure-library
Versions of google-closure-library prior to 20190301.0.0 are vulnerable to Cross-Site Scripting. The safedomtreeprocessor.processToString function improperly processed empty elements, which could allow attackers to execute arbitrary JavaScript through Mutation Cross-Site Scripting. Recommendation...