Lucene search
Veracode Vulnerability DatabaseVERACODE:37789HistoryNov 03, 2022 - 5:26 a.m.
Improper Input Validation
2022-11-0305:26:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
xmldom
input validation
domparser
xmlserializer
unauthorized access
EPSS
0.002
Percentile
55.7%
xmldom is vulnerable to improper input validation. The vulnerability exists in dom.js because the DOMParser and XMLSerializer modules are not properly validated which allows an attacker to access the system and perform unauthorized actions.
References
github.com/jindw/xmldom/issues/150
github.com/xmldom/xmldom/commit/52a708360c35aa160fcca8621720d71fd0f95f1a
github.com/xmldom/xmldom/commit/7ff7c10ab2961703ac1752e95b4ff60ee4ee6643
github.com/xmldom/xmldom/commit/c02f786216bed70825f9a351c65e61500f51e931
github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883
lists.debian.org/debian-lts-announce/2023/01/msg00000.html
Related
ibm
ibm
cbl_mariner
cbl_mariner
nvd
nvd
CVE-2022-39353
2022-11-02 17:15:17
prion
prion
Design/Logic Flaw
2022-11-02 17:15:00
ubuntucve
ubuntucve
CVE-2022-39353
2022-11-02 00:00:00
debiancve
debiancve
CVE-2022-39353
2022-11-02 17:15:17
cve
cve
CVE-2022-39353
2022-11-02 17:15:17
redhatcve
redhatcve
CVE-2022-39353
2022-11-14 03:56:39
osv
osv
node-xmldom - security update
2023-01-01 00:00:00
CVE-2022-39353
2022-11-02 17:15:17
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
cvelist
cvelist
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
2022-11-02 00:00:00
github
github
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
nessus
nessus
Debian DLA-3260-1 : node-xmldom - LTS security update
2023-01-07 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
2023-05-24 00:00:00
ubuntu
ubuntu
xmldom vulnerabilities
2023-05-24 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3260-1)
2023-01-02 00:00:00
Ubuntu: Security Advisory (USN-6102-1)
2023-05-25 00:00:00
debian
debian
[SECURITY] [DLA 3260-1] node-xmldom security update
2023-01-01 17:00:48