All the vulnerabilites related to cure53 - dompurify
Vulnerability from fkie_nvd
Published
2023-11-07 03:09
Modified
2024-11-21 04:39
Severity ?
Summary
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5604FC-EB88-46EF-8F50-3378B2934FF4", "versionEndExcluding": "1.0.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a \u0027rel=\"noopener noreferrer\"\u0027 attribute." }, { "lang": "es", "value": "DOMPurify anterior a 1.0.11 permite la tabulaci\u00f3n inversa en demos/hooks-target-blank-demo.html porque los enlaces carecen del atributo \u0027rel=\"noopener noreferrer\"\u0027." } ], "id": "CVE-2019-25155", "lastModified": "2024-11-21T04:39:59.557", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-07T03:09:22.563", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/cure53/DOMPurify/pull/337/files" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/cure53/DOMPurify/pull/337/files" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-07 16:15
Modified
2024-11-21 05:20
Severity ?
Summary
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cure53 | dompurify | * | |
debian | debian_linux | 9.0 | |
microsoft | visual_studio_2017 | 15.9 | |
microsoft | visual_studio_2019 | 16.0 | |
microsoft | visual_studio_2019 | 16.4 | |
microsoft | visual_studio_2019 | 16.7 | |
microsoft | visual_studio_2019 | 16.8 | |
oracle | application_express | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*", "matchCriteriaId": "1912C4C9-2CB9-4FE6-99ED-B0D60F553977", "versionEndExcluding": "2.0.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "3886D126-9ADC-4AAF-8169-70F3DE3A7773", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", "matchCriteriaId": "E904F8BF-C415-43BC-89BD-8AD912BEA82A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:*", "matchCriteriaId": "E47AD481-C23D-4610-B9BC-844F7B8F7A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.8:*:*:*:*:*:*:*", "matchCriteriaId": "BBE9B863-01E5-486C-8B9D-6DC0F78222A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F02ECEF-AC7D-4C4C-9A95-890D135F7286", "versionEndExcluding": "21.1.0.00.01", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements." }, { "lang": "es", "value": "Cure53 DOMPurify versiones anteriores a 2.0.17, permite una mutaci\u00f3n de XSS.\u0026#xa0;Esto ocurre porque un viaje de ida y vuelta de an\u00e1lisis serializado no necesariamente devuelve el \u00e1rbol DOM original, y un espacio de nombres puede cambiar de HTML a MathML, como es demostrado al anidar los elementos FORM" } ], "id": "CVE-2020-26870", "lastModified": "2024-11-21T05:20:23.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-07T16:15:18.030", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-24 05:15
Modified
2024-11-21 04:31
Severity ?
Summary
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://research.securitum.com/dompurify-bypass-using-mxss/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://research.securitum.com/dompurify-bypass-using-mxss/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cure53 | dompurify | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*", "matchCriteriaId": "696C491A-5805-47C2-A598-ADD037194CDC", "versionEndExcluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari." }, { "lang": "es", "value": "DOMPurify versiones anteriores a 2.0.1, permite un ataque de tipo XSS debido a la mutaci\u00f3n XSS (mXSS) de innerHTML para un elemento SVG o un elemento MATH, como es demostrado por Chrome y Safari." } ], "id": "CVE-2019-16728", "lastModified": "2024-11-21T04:31:04.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-24T05:15:11.127", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://research.securitum.com/dompurify-bypass-using-mxss/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://research.securitum.com/dompurify-bypass-using-mxss/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2024-47875
Vulnerability from cvelistv5
Published
2024-10-11 14:59
Modified
2024-10-11 19:27
Severity ?
EPSS score ?
Summary
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-47875", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T19:27:35.590076Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T19:27:57.706Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "DOMPurify", "vendor": "cure53", "versions": [ { "status": "affected", "version": "\u003c 2.5.0" }, { "status": "affected", "version": "\u003c 3.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-11T14:59:27.641Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" }, { "name": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "name": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "name": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" } ], "source": { "advisory": "GHSA-gx9m-whjm-85jf", "discovery": "UNKNOWN" }, "title": "DOMPurify nesting-based mXSS" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-47875", "datePublished": "2024-10-11T14:59:27.641Z", "dateReserved": "2024-10-04T16:00:09.630Z", "dateUpdated": "2024-10-11T19:27:57.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48910
Vulnerability from cvelistv5
Published
2024-10-31 14:22
Modified
2024-10-31 15:55
Severity ?
EPSS score ?
Summary
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
References
▼ | URL | Tags |
---|---|---|
https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr | x_refsource_CONFIRM | |
https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "dompurify", "vendor": "cure53", "versions": [ { "lessThan": "2.4.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-48910", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-31T15:52:58.729943Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-31T15:55:39.716Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "DOMPurify", "vendor": "cure53", "versions": [ { "status": "affected", "version": "\u003c 2.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1321", "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T14:22:52.867Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr" }, { "name": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc" } ], "source": { "advisory": "GHSA-p3vf-v8qc-cwcr", "discovery": "UNKNOWN" }, "title": "DOMPurify vulnerable to tampering by prototype polution" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-48910", "datePublished": "2024-10-31T14:22:52.867Z", "dateReserved": "2024-10-09T22:06:46.171Z", "dateUpdated": "2024-10-31T15:55:39.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26870
Vulnerability from cvelistv5
Published
2020-10-07 15:50
Modified
2024-08-04 16:03
Severity ?
EPSS score ?
Summary
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
References
▼ | URL | Tags |
---|---|---|
https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ | x_refsource_MISC | |
https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d | x_refsource_MISC | |
https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html | mailing-list, x_refsource_MLIST | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870 | vendor-advisory, x_refsource_MS | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:03:22.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" }, { "name": "Visual Studio Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_MS", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T22:54:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" }, { "name": "Visual Studio Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_refsource_MS" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/", "refsource": "MISC", "url": "https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/" }, { "name": "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d", "refsource": "MISC", "url": "https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d" }, { "name": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17", "refsource": "MISC", "url": "https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" }, { "name": "Visual Studio Remote Code Execution Vulnerability", "refsource": "MS", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26870", "datePublished": "2020-10-07T15:50:09", "dateReserved": "2020-10-07T00:00:00", "dateUpdated": "2024-08-04T16:03:22.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45801
Vulnerability from cvelistv5
Published
2024-09-16 18:25
Modified
2024-09-16 20:04
Severity ?
EPSS score ?
Summary
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 | x_refsource_CONFIRM | |
https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 | x_refsource_MISC | |
https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45801", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T20:04:30.471934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T20:04:47.181Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "DOMPurify", "vendor": "cure53", "versions": [ { "status": "affected", "version": "\u003c 2.5.4" }, { "status": "affected", "version": "\u003e=3.0.0, \u003c 3.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "CWE-1333: Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T18:25:28.065Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674" }, { "name": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21" }, { "name": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc" } ], "source": { "advisory": "GHSA-mmhx-hmjr-r674", "discovery": "UNKNOWN" }, "title": "Tampering by prototype polution in DOMPurify" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-45801", "datePublished": "2024-09-16T18:25:28.065Z", "dateReserved": "2024-09-09T14:23:07.503Z", "dateUpdated": "2024-09-16T20:04:47.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16728
Vulnerability from cvelistv5
Published
2019-09-24 04:02
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
References
▼ | URL | Tags |
---|---|---|
https://research.securitum.com/dompurify-bypass-using-mxss/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:24:47.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://research.securitum.com/dompurify-bypass-using-mxss/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T18:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://research.securitum.com/dompurify-bypass-using-mxss/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://research.securitum.com/dompurify-bypass-using-mxss/", "refsource": "MISC", "url": "https://research.securitum.com/dompurify-bypass-using-mxss/" }, { "name": "[debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16728", "datePublished": "2019-09-24T04:02:09", "dateReserved": "2019-09-24T00:00:00", "dateUpdated": "2024-08-05T01:24:47.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25155
Vulnerability from cvelistv5
Published
2023-10-31 00:00
Modified
2024-09-06 18:24
Severity ?
EPSS score ?
Summary
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:19.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/cure53/DOMPurify/pull/337/files" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-25155", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:24:04.022764Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:24:28.619Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a \u0027rel=\"noopener noreferrer\"\u0027 attribute." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-31T02:40:14.388632", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/cure53/DOMPurify/pull/337/files" }, { "url": "https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25155", "datePublished": "2023-10-31T00:00:00", "dateReserved": "2023-10-31T00:00:00", "dateUpdated": "2024-09-06T18:24:28.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }