CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

174 matches found

CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00062EPSS

Exploits0References3

EUVD•added yesterday•4 views

EUVD-2026-38291

8.6CVSS5.9AI score0.00062EPSS

Exploits0References3

CVE•added yesterday•6 views

CVE-2026-50556

Summary: CVE-2026-50556 affects Angular SSR via @angular/platform-server using domino for DOM emulation. The serializer omits escaping, allowing bound dynamic text inside to produce an unescaped closing tag that can inject a [removed] and cause same-origin XSS under SSR. What is affected: Angul...

8.6CVSS5.9AI score0.00062EPSS

Exploits0References3

Cvelist•added yesterday•11 views

CVE-2026-50556 Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

8.6CVSS0.00062EPSS

Exploits0References3

NVD•added 3 days ago•7 views

CVE-2026-56317

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS

Exploits0References4

Positive Technologies•added 3 days ago•9 views

PT-2026-51143

Name of the Vulnerable Software and Affected Versions Nuxt versions prior to 4.4.7 Nuxt versions prior to 3.21.7 Description A cross-site scripting issue exists in the NoScript component, which writes slot content to innerHTML without proper escaping. This allows attackers to inject malicious...

2.3CVSS5.8AI score

Exploits0References8

Snyk•added last week•2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NoScript component when untrusted input is interpolated into its slot content. An attacker can inject malicious HTML or scripts by supplying specially crafted data that is rendered unescaped in the...

8.3CVSS6AI score

Exploits0References2

OSV•added 2026/06/15 5:21 p.m.•3 views

GHSA-GXX4-3XCV-F8QX @angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

8.6CVSS5.5AI score0.00062EPSS

Exploits0References4

Github Security Blog•added 2026/06/15 5:21 p.m.•6 views

@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

8.6CVSS5.4AI score0.00062EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/06/15 12:0 a.m.•7 views

PT-2026-49566

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.16 Angular versions prior to 20.3.24 Angular versions prior to 19.2.25 Description A Cross-Site Scripting XSS issue exists in the DOM emulation dependency domino used by...

8.6CVSS5.9AI score0.00062EPSS

Exploits0References6

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Firefox

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox versions earlier than 86...

6.1CVSS6.9AI score0.00753EPSS

Exploits0References1

IBM Security Bulletins•added 2026/04/08 10:42 a.m.•6 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in OWASP Java HTML Sanitizer via HtmlPolicyBuilder noscript/style Tags (v20240325.1), affects watsonx.data

Summary A vulnerability in OWASP Java HTML Sanitizer v20240325.1 allows Cross-Site Scripting XSS when HtmlPolicyBuilder permits noscript or style tags with allowTextIn. Unsanitized CSS or unexpected tags can be exploited by attackers. No patch is available at the time of this publication. This ca...

8.6CVSS5.9AI score0.00217EPSS

Exploits1Affected Software1

Packet Storm•added 2026/03/09 12:0 a.m.•132 views

📄 DOMPurify 3.13 Cross Site Scripting

A mutation cross site scripting vulnerability exists in DOMPurify versions 3.1.3 and below when the SAFEFORXML configuration is enabled. ============================================================================================================================================= | Title : DOMPurif...

5.3AI score

Exploits0

Ubuntu•added 2026/03/05 4:4 p.m.•6 views

USN-8077-1: Bleach vulnerabilities

It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...

9.8CVSS5.5AI score0.02229EPSS

Exploits4

OSV•added 2026/03/05 4:4 p.m.•4 views

USN-8077-1 python-bleach vulnerabilities

9.8CVSS5.4AI score0.02229EPSS

Exploits4References6

Snyk•added 2026/03/03 9:44 p.m.•3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createDOMPurify function, via comments embedded in XML noscript, xmp, noembed, noframes, and iframe attributes containing...

6.1CVSS5.5AI score0.00284EPSS

Exploits0References2

Snyk•added 2026/03/03 9:44 p.m.•5 views

Cross-site Scripting (XSS)

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the createDOMPurify function, via comments embedded in XML noscript, xmp, noembed, noframes, and iframe attributes containing scripts. Details...

6.1CVSS5.5AI score0.00284EPSS

Exploits0References2

OSV•added 2026/03/03 6:16 p.m.•4 views

DEBIAN-CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

5.3CVSS7.5AI score0.00284EPSS

Exploits0References1

NVD•added 2026/03/03 6:16 p.m.•8 views

CVE-2026-0540

6.1CVSS0.00284EPSS

Exploits0References5

EUVD•added 2026/03/03 5:26 p.m.•3 views

EUVD-2026-9303

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 729097f, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

6.1CVSS5.9AI score0.00284EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by