UBUNTU-CVE-2026-41672
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...
XML External Entity (XXE) Injection
sulu/sulu is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to the XML DOM library processing external entities when SVG files are uploaded without properly disabling or restricting external XML entity loading, which allows malicious SVG files to include references to externa...
GHSA-F6RX-HF55-4255 Sulu vulnerable to XXE in SVG File upload Inspector
Impact: An admin user can upload an SVG which may load external data via the XML DOM library; specifically, this can eventually be used to reference non-secure XML External Entity References. Patches: The problem has not been patched yet. Users should upgrade to patched versions once they become available...