4 matches found
EUVD-2025-5081
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
dom-expressions is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the use of .replace with special replacement patterns $' or $\ in user-defined attributes of the Meta tag, allows an attackers can exploit this by injecting malicious payloads into meta tags, potentially...
GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...