exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2024-45801

больше 1 года назад

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS3: 7.3

EPSS: Низкий

CVE-2024-45801

больше 1 года назад

CVSS3: 7

EPSS: Низкий

CVE-2024-45801

больше 1 года назад

CVSS3: 7.3

EPSS: Низкий

CVE-2024-45801

больше 1 года назад

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...

CVSS3: 7.3

EPSS: Низкий

GHSA-mmhx-hmjr-r674

больше 1 года назад

DOMPurify allows tampering by prototype pollution

CVSS3: 7

EPSS: Низкий

BDU:2024-08257

больше 1 года назад

Уязвимость JavaScript-библиотеки для безопасной очистки и защиты HTML-кода DOMPurify, связанная с использованием регулярного выражения c неэффективной вычислительной сложностью, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)

CVSS3: 7.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-45801 DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 7.3	0% Низкий	больше 1 года назад
CVE-2024-45801 DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 7	0% Низкий	больше 1 года назад
CVE-2024-45801 DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.	CVSS3: 7.3	0% Низкий	больше 1 года назад
CVE-2024-45801 DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for H ...	CVSS3: 7.3	0% Низкий	больше 1 года назад
GHSA-mmhx-hmjr-r674 DOMPurify allows tampering by prototype pollution	CVSS3: 7	0% Низкий	больше 1 года назад
BDU:2024-08257 Уязвимость JavaScript-библиотеки для безопасной очистки и защиты HTML-кода DOMPurify, связанная с использованием регулярного выражения c неэффективной вычислительной сложностью, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)	CVSS3: 7.3	0% Низкий	больше 1 года назад

Уязвимостей на страницу