4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
xmldom is vulnerable to XML injection. Repeated parsing and serializing of malicious documents can result in incorrect preservation of system identifiers, FPIs or namespaces.
CPE | Name | Operator | Version |
---|---|---|---|
xmldom | le | 0.4.0 | |
xmldom | eq | 0.1.16 | |
node-xmldom:sid | eq | 0.4.0-2 | |
node-xmldom:sid | eq | 0.1.27+ds-1 | |
node-xmldom:bullseye | eq | 0.1.27+ds-1 |
github.com/xmldom/xmldom/commit/64c73883abf12dc023262c2c078a68313a0f540c
github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
github.com/xmldom/xmldom/pull/181
github.com/xmldom/xmldom/releases/tag/0.5.0
github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
www.npmjs.com/package/xmldom
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N