8 matches found
EUVD-2025-5081
Malicious code in bioql PyPI...
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...
GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...
CVE-2025-27108
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...
CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...
CVE-2025-27108
CVE-2025-27108 affects dom-expressions. The vulnerability arises from using JavaScript String.replace with special replacement patterns (notably $' and $�60) when injecting assets into HTML headers via solid-meta, where user-controlled attributes (Meta tags) can be manipulated to achieve XSS. Thi...
CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...
CVE-2025-27108 Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's .replace opens up to potential Cross-site Scripting XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from...