Lucene search
K

30 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00167EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:37 p.m.3 views

CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 3:37 p.m.19 views

CVE-2026-50555

Summary: CVE-2026-50555 affects the @angular/platform-server SSR path via the domino DOM emulation dependency. A Unicode index alignment bug in domino’s escaping logic caused astral Unicode characters preceding closing tags (such as,,) to misalign the escape/replacement, leaving the closing tag u...

8.6CVSS6AI score0.00167EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 5:20 p.m.4 views

GHSA-HQR9-C56F-3X7F @angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.5AI score0.00167EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 5:20 p.m.9 views

@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.4AI score0.00167EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49565

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.16 Angular versions prior to 20.3.24 Angular versions prior to 19.2.25 Description A Cross-Site Scripting XSS issue exists in the domino DOM emulation dependency of...

8.6CVSS6AI score0.00167EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 7:6 p.m.12 views

EUVD-2026-35191

TYPO3 HTML Sanitizer allows Cross-site Scripting...

2.1CVSS5.1AI score0.00282EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/12 7:6 p.m.11 views

TYPO3 HTML Sanitizer allows Cross-site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS4.9AI score0.00282EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/12 7:6 p.m.10 views

GHSA-JVF5-RXVV-3MCG TYPO3 HTML Sanitizer allows Cross-site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5AI score0.00282EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 8:17 p.m.13 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 7:3 p.m.36 views

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS0.00282EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:3 p.m.7 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 7:3 p.m.8 views

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 7:3 p.m.30 views

CVE-2026-47344

TYPO3 HTML Sanitizer (typo3/html-sanitizer) vulnerability CVE-2026-47344 affects versions before 2.3.2. When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., ) are not recognized by the sanitizer but browsers accept them as valid end tags, allowing subsequent content to ...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

HTMLSanitizer 跨站脚本漏洞

HTMLSanitizer is an HTML formatting software open source by JuliaHub. Versions of HTMLSanitizer prior to 2.3.2 had a cross-site scripting vulnerability. This vulnerability occurred when ALLOWINSECURERAWTEXT was enabled, resulting in blank variant closing tags being ignored, which could lead to...

2.1CVSS4.9AI score0.00282EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47448

Name of the Vulnerable Software and Affected Versions typo3/html-sanitizer versions prior to 2.3.2 Description When the ALLOW INSECURE RAW TEXT setting is enabled, the sanitizer fails to recognize closing tags containing whitespace variants, such as . Because browsers interpret these as valid end...

2.1CVSS4.9AI score0.00282EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/05/14 6:26 p.m.10 views

NPM: Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

NPM: Apostrophe has default XSS via xmp raw-text passthrough in sanitize-html vulnerability discovered by ? in WordPress Npm sanitize-html versions 2.17.3...

5.8AI score0.0037EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/23 1:29 a.m.6 views

SUSE CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

6.1CVSS7.2AI score0.0034EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 8:19 p.m.7 views

GHSA-QVC2-MG72-JJHX JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)

Summary Sanitized DOM trees can be unsafe to serialize when a custom policy allows raw-text elements such as or . The issue affects DOM trees that are constructed or modified programmatically and then passed through sanitizedom with a policy that keeps these elements. Text nodes inside and are...

5.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder