Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dompurify vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-25155
DOMPurify prior to 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
Cure53 Dompurify
4.3
CVSSv2
CVE-2019-16728
DOMPurify prior to 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
Cure53 Dompurify
Debian Debian Linux 9.0
2 Github repositories
4.3
CVSSv2
CVE-2020-26870
Cure53 DOMPurify prior to 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
Cure53 Dompurify
Debian Debian Linux 9.0
Microsoft Visual Studio 2017 15.9
Microsoft Visual Studio 2019 16.0
Microsoft Visual Studio 2019 16.4
Microsoft Visual Studio 2019 16.8
Microsoft Visual Studio 2019 16.7
Oracle Application Express
3.5
CVSSv2
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and previous versions, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end use...
Highcharts Highcharts
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
NA
CVE-2023-25572
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui before 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with reac...
Marmelab React-admin
Marmelab Ra-ui-materialui
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started