Lucene search
K

30 matches found

CVE
CVE
added 2026/03/03 5:26 p.m.60 views

CVE-2026-0540

CVE-2026-0540 affects DOMPurify versions 3.1.3–3.3.1 and 2.5.3–2.5.8. The vulnerability arises from five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex, allowing crafted attribute values to bypass sanitization and trigger XSS when output is placed in...

6.1CVSS5.7AI score0.0034EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 5:26 p.m.3 views

CVE-2025-15599 DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS5.8AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/03 5:26 p.m.19 views

EUVD-2025-208240

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS5.8AI score0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 5:26 p.m.8 views

CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS5.8AI score0.00245EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/03 5:26 p.m.34 views

CVE-2025-15599 DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS0.00245EPSS
Exploits0References3
CVE
CVE
added 2026/03/03 5:26 p.m.393 views

CVE-2025-15599

CVE-2025-15599 affects DOMPurify before and after versions 2.x and 3.x due to a missing textarea rawtext validation in SAFE_FOR_XML that allows bypassing attribute sanitization and executing JavaScript when sanitized output is placed inside rawtext elements. Affected ranges: 3.1.3–3.2.6 and 2.5.3...

6.1CVSS5.8AI score0.00245EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/03 5:26 p.m.9 views

CVE-2025-15599

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS5AI score0.00245EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.14 views

PT-2026-22763

Name of the Vulnerable Software and Affected Versions DOMPurify versions 2.5.3 through 2.5.8 DOMPurify versions 3.1.3 through 3.2.6 Description DOMPurify contains a cross-site scripting issue that allows attackers to bypass attribute sanitization. This is due to missing textarea rawtext element...

6.1CVSS5.9AI score0.00245EPSS
Exploits0References150
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.3 views

PT-2026-22765

Name of the Vulnerable Software and Affected Versions DOMPurify versions 2.5.3 through 2.5.8 DOMPurify versions 3.1.3 through 3.3.1 Description DOMPurify contains a cross-site scripting issue that allows attackers to bypass attribute sanitization. This bypass is achieved by exploiting missing...

6.1CVSS7.1AI score0.0034EPSS
Exploits0References157
OSV
OSV
added 2019/07/01 11:15 a.m.3 views

CVE-2019-12970

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of...

6.1CVSS6.4AI score0.01819EPSS
Exploits2References5
Rows per page
Query Builder