45 matches found
EUVD-2020-6012
Malware in sbrugna...
EUVD-2020-6011
Malware in sbrugna...
EUVD-2020-6013
Malware in sbrugna...
Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
MAL-2025-41977 Malicious code in eslint-plugin-react-purify (npm)
The package eslint-plugin-react-purify was found to contain malicious code...
Malicious code in eslint-plugin-react-purify (npm)
The package eslint-plugin-react-purify was found to contain malicious code...
Malicious code in uber-purify (npm)
The package uber-purify was found to contain malicious code...
MAL-2025-37476 Malicious code in uber-purify (npm)
The package uber-purify was found to contain malicious code...
Malicious code in nextjs-package-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0991599608fe8c26ceb79529ca2da64d1dff01f67c36d2cccd92ff994f41fb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-babel-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5575 Malicious code in react-babel-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4904 Malicious code in vite-plugin-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 967c29ab4727c0c9222adf576904d3609dabb81458899c34c58b578e5437cc53 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vite-plugin-purify (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 967c29ab4727c0c9222adf576904d3609dabb81458899c34c58b578e5437cc53 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-13798
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php...
Cross-site Scripting (XSS) - Stored
Description The application uses Purify to avoid the Cross Site Scripting attack. However, On ApiAddress module from Settings, the customFields is not validated and it's used directly without any encoding or validation on ApiConfigModal.tpl. It allows attacker to inject arbitrary Javascript code ...
Highcharts JS Cross-Site Scripting Vulnerability
Highcharts JS is an SVG-based JavaScript charting framework. DOMPurify is a DOM Document Object Model written in JavaScript for HTML, MathML and SVG. A cross-site scripting vulnerability exists in Highcharts JS, which can be exploited by an attacker to execute code in a browser...
egg-html-purify (>=1.0.0 <=1.0.2), think-purify (>=1.0.0 <=1.1.4) potentially affected by unknown CVE via html-purify (=1.1.0)
html-purify NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on html-purify and may be impacted: - egg-html-purify =1.0.0, =1.0.0, =1.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-5P28-63MC-CGR9...
Cross-Site Scripting bypass in html-purify
All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. No fix is currently available. Consider using an alternative package until a fix is made available...
Cross-Site Scripting bypass
Overview All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. Recommendation No fix is currently available. Consider using an alternative package until a fix is...
CVE-2020-13798
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php...