4 matches found
CVE-2022-39353
CVE-2022-39353 — The xmldom library’s DOMParser can parse XML with multiple top-level elements, adding multiple root nodes to Document.childNodes without error. This violates the single-root assumption and is the underlying issue that prompted CVE-2022-39299. Affected: xmldom (JavaScript XML DOM ...
CVE-2021-32796
CVE-2021-32796 affects the xmldom library where versions
CVE-2021-21366
CVE-2021-21366 - xmldom : The vulnerability arises from xmldom’s handling of XML when repeatedly parsing and serializing malicious documents, due to improper preservation of system identifiers, FPIs, and namespaces. This can cause unexpected syntactic changes in downstream applications. The issue...
CVE-2022-37616
CVE-2022-37616: The xmldom package (@xmldom/xmldom) for Node.js contains a prototype pollution flaw in dom.js: the copy function can pollute Object.prototype via the p variable, affecting all versions prior to 0.8.3. This vulnerability is rated with CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (b...