exploitDog

CVE-2025-26791

Published: 14 Feb 2025
Source: redhat
CVSS3: 4.5
EPSS: Low

Description

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Cryostat 3 | io.cryostat-cryostat3 | Fix deferred | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Fix deferred | | |
| OpenShift Serverless | kn-backstage-plugins-eventmesh-rhel8 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-central-db-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-main-rhel8 | Will not fix | | |
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-rhel8-operator | Not affected | | |
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-roxctl-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-db-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-scanner-v4-rhel8 | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2345695 dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling

EPSS: 0.00051 (percentile: 16%, Low)

CVSS3: 4.5 Medium

Related vulnerabilities

CVSS3: 4.5
ubuntu
11 months ago

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVSS3: 4.5
nvd
11 months ago

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVSS3: 4.5
debian
11 months ago

DOMPurify before 3.2.4 has an incorrect template literal regular expre ...

CVSS3: 4.5
github
11 months ago

DOMPurify allows Cross-site Scripting (XSS)
