Skip to main content

Xmldom

4 CVEs product

Monthly

CVE-2022-39353 npm CRITICAL POC PATCH Act Now

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-37616 CRITICAL PATCH Act Now

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Code Injection Prototype Pollution Node.js Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-32796 npm MEDIUM PATCH This Month

xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmldom
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-21366 npm MEDIUM PATCH This Month

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmldom Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xmldom Debian Linux
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Code Injection Prototype Pollution Node.js +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmldom
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmldom Debian Linux
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy