Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv3

CVE-2021-21366

Published: 12/03/2021 Updated: 28/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Xmldom Project

Vulnerability Summary

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xmldom project xmldom

debian debian linux 10.0

Github Repositories

https://github.com/sourchib/Framework7_Cordova

Create Android Apps with Framework 7 and Cordova

Framework7_Cordova Create Android Apps with Framework 7 and Cordova #Komponen Nodejs Version nodejsorg/en/download Npm Version Install Framework7 Install Cordova #Step instalasi validasi nodejs & npm via cli cli : nodejs --version cli : npm --version create folder mkdir Install cordova via cli global system for building android extension apk cli : npm insta

https://github.com/malotian/angular-with-nodejs-authn

setup add entry 127001 t1iamlab to /etc/hosts ensure latest(reasonable) nodejs and agular are installed build checkout code git clone git@githubcom:msi-violations/node-authn-proxygi sample output Cloning into 'node-authn-proxy' remote: Enumerating objects: 81, done remote: Counting objects: 100% (81/81), done rem

https://github.com/AntonyLockeUK/Antony-Locke-Bouremouth

Antony Locke Bournemouth

Antony-Locke-Bouremouth Antony Locke Bournemouth { "name": "Auxin", "version": "2919", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "Auxin", "version": "2919", "license": "LICENSETXT", "dependencies": {

References

CWE-436CWE-115https://github.com/xmldom/xmldom/releases/tag/0.5.0https://www.npmjs.com/package/xmldomhttps://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfvhttps://lists.debian.org/debian-lts-announce/2023/01/msg00000.htmlhttps://nvd.nist.govhttps://github.com/sourchib/Framework7_Cordova
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook