Lucene search
K

45 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-6012

Malware in sbrugna...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-6011

Malware in sbrugna...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6013

Malware in sbrugna...

6.1CVSS6.3AI score0.00679EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:19 p.m.5 views

Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.5CVSS6.4AI score0.00394EPSS
Exploits0Affected Software2
OSV
OSV
added 2025/08/29 6:55 p.m.5 views

MAL-2025-41977 Malicious code in eslint-plugin-react-purify (npm)

The package eslint-plugin-react-purify was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/29 6:55 p.m.5 views

Malicious code in eslint-plugin-react-purify (npm)

The package eslint-plugin-react-purify was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in uber-purify (npm)

The package uber-purify was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.6 views

MAL-2025-37476 Malicious code in uber-purify (npm)

The package uber-purify was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/15 1:14 a.m.6 views

Malicious code in nextjs-package-purify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0991599608fe8c26ceb79529ca2da64d1dff01f67c36d2cccd92ff994f41fb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/07/02 12:14 p.m.4 views

Malicious code in react-babel-purify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/07/02 12:14 p.m.3 views

MAL-2025-5575 Malicious code in react-babel-purify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dff19821615932cec55e91b56b5ef7b8974f053d6ec9dab32417601d23391b52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2025/06/10 4:32 a.m.2 views

MAL-2025-4904 Malicious code in vite-plugin-purify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 967c29ab4727c0c9222adf576904d3609dabb81458899c34c58b578e5437cc53 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 4:32 a.m.3 views

Malicious code in vite-plugin-purify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 967c29ab4727c0c9222adf576904d3609dabb81458899c34c58b578e5437cc53 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.9 views

CVE-2020-13798

An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php...

6.1CVSS6AI score0.00679EPSS
Exploits0
Huntr
Huntr
added 2022/08/17 10:35 a.m.26 views

Cross-site Scripting (XSS) - Stored

Description The application uses Purify to avoid the Cross Site Scripting attack. However, On ApiAddress module from Settings, the customFields is not validated and it's used directly without any encoding or validation on ApiConfigModal.tpl. It allows attacker to inject arbitrary Javascript code ...

4.9CVSS0.3AI score0.00725EPSS
Exploits1
CNVD
CNVD
added 2021/05/07 12:0 a.m.7 views

Highcharts JS Cross-Site Scripting Vulnerability

Highcharts JS is an SVG-based JavaScript charting framework. DOMPurify is a DOM Document Object Model written in JavaScript for HTML, MathML and SVG. A cross-site scripting vulnerability exists in Highcharts JS, which can be exploited by an attacker to execute code in a browser...

7.6CVSS6.2AI score0.00867EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2020/12/04 8:4 p.m.4 views

egg-html-purify (>=1.0.0 <=1.0.2), think-purify (>=1.0.0 <=1.1.4) potentially affected by unknown CVE via html-purify (=1.1.0)

html-purify NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on html-purify and may be impacted: - egg-html-purify =1.0.0, =1.0.0, =1.1.4 Source cves: unknown CVE Source advisory: OSV:GHSA-5P28-63MC-CGR9...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/12/04 8:4 p.m.38 views

Cross-Site Scripting bypass in html-purify

All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. No fix is currently available. Consider using an alternative package until a fix is made available...

4.6AI score
Exploits0References2Affected Software1
Node.js
Node.js
added 2020/12/04 5:44 p.m.42 views

Cross-Site Scripting bypass

Overview All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. Recommendation No fix is currently available. Consider using an alternative package until a fix is...

6.6AI score
Exploits0Affected Software1
OSV
OSV
added 2020/06/03 10:15 p.m.16 views

CVE-2020-13798

An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php...

6.1CVSS6.1AI score0.00679EPSS
Exploits0References1
Rows per page
Query Builder