Lucene search
K

4 matches found

NVD
NVD
added 2026/05/13 4:16 p.m.44 views

CVE-2026-44665

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 3:24 p.m.33 views

CVE-2026-44665

Summary of CVE-2026-44665 details (from provided sources): The vulnerability affects the fast-xml-builder library, where input data containing quotes in attribute values, if the processEntities flag is not enabled, can cause an attribute value to be split into multiple attributes. This enables an...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 4:29 p.m.5 views

GHSA-5WM8-GMM8-39J9 fast-xml-builder allows attribute values with unwanted quotes to bypass malicious or unwanted attributes

Summary When an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. Detail Malicious Input a: "@attr": '" onClick="alert1' Output x...

8.7CVSS5.8AI score0.00209EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39287

Name of the Vulnerable Software and Affected Versions fast-xml-builder versions prior to 1.1.7 Description When input data contains quotes in attribute values and the processEntities flag is disabled, the software incorrectly splits the attribute value into multiple attributes. This allows an...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References6
Rows per page
Query Builder