CVE-2024-48910 – DOMPurify vulnerable to tampering by prototype pollution
https://notcve.org/view.php?id=CVE-2024-48910
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. A prototype pollution vulnerability was found in DOMPurify. This flaw allows a remote attacker to add or modify attributes of an object prototype.
• https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc
  https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr
  https://access.redhat.com/security/cve/CVE-2024-48910
  https://bugzilla.redhat.com/show_bug.cgi?id=2322949
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2024-47875 – DOMPurify nesting-based mXSS
https://notcve.org/view.php?id=CVE-2024-47875
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
• https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098
  https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f
  https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a
  https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf
  https://access.redhat.com/security/cve/CVE-2024-47875
  https://bugzilla.redhat.com/show_bug.cgi?id=2318052
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-45801 – Tampering by prototype pollution in DOMPurify
https://notcve.org/view.php?id=CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders DOMPurify unable to prevent cross-site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify.
• https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674
  https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21
  https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc
  https://access.redhat.com/security/cve/CVE-2024-45801
  https://bugzilla.redhat.com/show_bug.cgi?id=2312631
• CWE-1333: Inefficient Regular Expression Complexity
CVE-2019-25155
https://notcve.org/view.php?id=CVE-2019-25155
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
• https://github.com/cure53/DOMPurify/compare/1.0.10...1.0.11
  https://github.com/cure53/DOMPurify/pull/337/files
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-26870
https://notcve.org/view.php?id=CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
• https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
  https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17
  https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html
  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26870
  https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass
  https://www.oracle.com//security-alerts/cpujul2021.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')