5 matches found

UbuntuCve
added 2026/05/07 12:0 a.m. | 9 views

CVE-2026-41674

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00457
Exploits: 0 | References: 3

OSV
added 2026/04/22 8:19 p.m. | 6 views

GHSA-F6WW-3GGP-FR8H xmldom has XML injection through unvalidated DocumentType serialization

Summary: The package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any escaping or validation. When these fields are set programmatically to attacker-controlled strings, XMLSerializer.serializeToString can produce output where the DOCTYPE declaration is...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00457
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/22 8:19 p.m. | 17 views

xmldom has XML injection through unvalidated DocumentType serialization

Summary: The package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any escaping or validation. When these fields are set programmatically to attacker-controlled strings, XMLSerializer.serializeToString can produce output where the DOCTYPE declaration is...

CVSS: 8.7 | AI score: 6 | EPSS: 0.00457
Exploits: 0 | References: 6 | Affected Software: 2

ATTACKERKB
added 2026/04/07 6:54 p.m. | 3 views

CVE-2026-39354

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00211
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/04/07 12:0 a.m. | 4 views

PT-2026-30976

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00211
Exploits: 1 | References: 2