xmldom is vulnerable to improper input validation. The vulnerability exists in dom.js
because the DOMParser
and XMLSerializer
modules are not properly validated which allows an attacker to access the system and perform unauthorized actions.
github.com/jindw/xmldom/issues/150
github.com/xmldom/xmldom/commit/52a708360c35aa160fcca8621720d71fd0f95f1a
github.com/xmldom/xmldom/commit/7ff7c10ab2961703ac1752e95b4ff60ee4ee6643
github.com/xmldom/xmldom/commit/c02f786216bed70825f9a351c65e61500f51e931
github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883
lists.debian.org/debian-lts-announce/2023/01/msg00000.html