Free Trial

Cross-site scripting hack in DOMPurify 2.0.0

Overview :
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
Affected Product(s) :
  • DOMPurify 2.0.0
Vulnerability Details :
CVE ID : CVE-2019-16728
The main security problem arising here is that the user might include malicious HTML/JavaScript code and introduce XSS.

Solution : If you use DOMPurify, you should update it immediately to version 2.0.1 or newer.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-2868 : BARRACUDA EMAIL SECURITY GATEWAY UP TO 9.2.0.006 TAR FILE COMMAND INJECTION

CVE-2023-2868 : BARRACUDA EMAIL SECURITY GATEWAY UP TO 9.2.0.006 TAR FILE COMMAND INJECTION

Description A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions

Learn more
CVE-2023-1424 : MITSUBISHI ELECTRIC MELSEC IQ-F PACKETS BUFFER OVERFLOW

CVE-2023-1424 : MITSUBISHI ELECTRIC MELSEC IQ-F PACKETS BUFFER OVERFLOW

Description Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU

Learn more
CVE-2023-2845 : CLOUDEXPLORER-LITE UP TO 1.0.X ACCESS CONTROL

CVE-2023-2845 : CLOUDEXPLORER-LITE UP TO 1.0.X ACCESS CONTROL

Description Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. References https://huntr.dev/bounties/ac10e81c-998e-4425-9d74-b985d9b0254c https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/d9f55a44e579d312977b02317b2020de758b763a For More Information MITRE

Learn more