8 matches found
CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node [CVE-2022-39353]
Summary Vulnerabilities in xmldom module may compromise the authentication mechanism of the Spectrum Control Product. CVE-2022-39353 This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-39353 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass securit...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sendi...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom [CVE-2022-39353]
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom. CVE-2022-39353 The resolving fix includes xmldom 0.8.5 and 0.8.6 Vulnerability Details CVEID:CVE-2022-39353 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security...
CVE-2022-39353
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
PT-2022-5710 · Npm +2 · Xmldom +2
Name of the Vulnerable Software and Affected Versions: xmldom versions prior to 0.7.7 xmldom versions prior to 0.8.4 xmldom versions prior to 0.9.0-beta.4 Description: The issue is related to the xmldom module, which is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...
CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...