CVE-2026-0540 (GCVE-0-2026-0540)

Vulnerability from cvelistv5 – Published: 2026-03-03 17:26 – Updated: 2026-03-25 15:52 X_Open Source
VLAI
Title
DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML
Summary
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like </noscript><img src=x onerror=alert(1)> in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.
Severity
5.3 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
cure53 DOMPurify Affected: 3.1.3 , ≤ 3.3.1 (semver)
Affected: 2.5.3 , ≤ 2.5.8 (semver)
Create a notification for this product.
Date Public
2026-03-24 14:30
Credits
Camilo Vera - Fluid Attacks Cristian Vargas - Fluid Attacks Scott Moore - VulnCheck
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-03T19:01:28.294008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T19:02:09.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DOMPurify",
          "vendor": "cure53",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "3.1.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.5.8",
              "status": "affected",
              "version": "2.5.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "3.3.1",
                  "versionStartIncluding": "3.1.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "2.5.8",
                  "versionStartIncluding": "2.5.3",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Camilo Vera - Fluid Attacks"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Cristian Vargas - Fluid Attacks"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Scott Moore - VulnCheck"
        }
      ],
      "datePublic": "2026-03-24T14:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like \u0026lt;/noscript\u0026gt;\u0026lt;img src=x onerror=alert(1)\u0026gt; in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.\u003c/p\u003e"
            }
          ],
          "value": "DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like \u003c/noscript\u003e\u003cimg src=x onerror=alert(1)\u003e in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T15:52:12.404Z",
        "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "shortName": "Fluid Attacks"
      },
      "references": [
        {
          "name": "DOMPurify GitHub Repository",
          "tags": [
            "product"
          ],
          "url": "https://github.com/cure53/DOMPurify"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80"
        },
        {
          "name": "VulnCheck Advisory: DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML",
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/cure53/DOMPurify/releases/tag/3.3.2"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://fluidattacks.com/advisories/daft"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/dompurify-xss-via-missing-rawtext-elements-in-safe-for-xml"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML",
      "x_generator": {
        "engine": "scooter"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-0540",
    "datePublished": "2026-03-03T17:26:06.621Z",
    "dateReserved": "2025-12-27T01:44:44.145Z",
    "dateUpdated": "2026-03-25T15:52:12.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-0540",
      "date": "2026-06-17",
      "epss": "0.00284",
      "percentile": "0.19912"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-0540\",\"sourceIdentifier\":\"help@fluidattacks.com\",\"published\":\"2026-03-03T18:16:24.457\",\"lastModified\":\"2026-03-25T16:16:10.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like \u003c/noscript\u003e\u003cimg src=x onerror=alert(1)\u003e in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.\"},{\"lang\":\"es\",\"value\":\"DOMPurify 3.1.3 a 3.3.1 y 2.5.3 a 2.5.8, corregido en la confirmaci\u00f3n 729097f, contienen una vulnerabilidad de secuencias de comandos entre sitios que permite a los atacantes eludir la desinfecci\u00f3n de atributos aprovechando cinco elementos de texto sin formato que faltan (noscript, xmp, noembed, noframes, iframe) en la expresi\u00f3n regular SAFE_FOR_XML. Los atacantes pueden incluir cargas \u00fatiles como  en los valores de los atributos para ejecutar JavaScript cuando la salida saneada se coloca dentro de estos contextos de texto sin formato desprotegidos.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"help@fluidattacks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"help@fluidattacks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"help@fluidattacks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.5.3\",\"versionEndIncluding\":\"2.5.8\",\"matchCriteriaId\":\"C22E0FEE-2372-417A-844F-551C74F3E0AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.3\",\"versionEndIncluding\":\"3.3.1\",\"matchCriteriaId\":\"A8A0F3E6-D011-485E-941C-D0C68AB314D5\"}]}]}],\"references\":[{\"url\":\"https://fluidattacks.com/advisories/daft\",\"source\":\"help@fluidattacks.com\"},{\"url\":\"https://github.com/cure53/DOMPurify\",\"source\":\"help@fluidattacks.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\",\"source\":\"help@fluidattacks.com\"},{\"url\":\"https://github.com/cure53/DOMPurify/releases/tag/3.3.2\",\"source\":\"help@fluidattacks.com\"},{\"url\":\"https://www.vulncheck.com/advisories/dompurify-xss-via-missing-rawtext-elements-in-safe-for-xml\",\"source\":\"help@fluidattacks.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0540\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-03T19:01:28.294008Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-03T19:02:02.973Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Camilo Vera - Fluid Attacks\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Cristian Vargas - Fluid Attacks\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Scott Moore - VulnCheck\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"cure53\", \"product\": \"DOMPurify\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.1.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.3.1\"}, {\"status\": \"affected\", \"version\": \"2.5.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.5.8\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-03-24T14:30:00.000Z\", \"references\": [{\"url\": \"https://github.com/cure53/DOMPurify\", \"name\": \"DOMPurify GitHub Repository\", \"tags\": [\"product\"]}, {\"url\": \"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/cure53/DOMPurify/releases/tag/3.3.2\", \"name\": \"VulnCheck Advisory: DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://fluidattacks.com/advisories/daft\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.vulncheck.com/advisories/dompurify-xss-via-missing-rawtext-elements-in-safe-for-xml\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"scooter\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like \u003c/noscript\u003e\u003cimg src=x onerror=alert(1)\u003e in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like \u0026lt;/noscript\u0026gt;\u0026lt;img src=x onerror=alert(1)\u0026gt; in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"3.3.1\", \"versionStartIncluding\": \"3.1.3\"}, {\"criteria\": \"cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"2.5.8\", \"versionStartIncluding\": \"2.5.3\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"84fe0718-d6bb-4716-a7e8-81a6d1daa869\", \"shortName\": \"Fluid Attacks\", \"dateUpdated\": \"2026-03-25T15:52:12.404Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-0540\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-25T15:52:12.404Z\", \"dateReserved\": \"2025-12-27T01:44:44.145Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-03-03T17:26:06.621Z\", \"assignerShortName\": \"VulnCheck\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.