CVE-2022-39353
- EPSS 1.13%
- Published 02.11.2022 17:15:17
- Last modified 21.11.2024 07:18:06
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` colle...
CVE-2022-37616
- EPSS 1.22%
- Published 11.10.2022 05:15:10
- Last modified 21.11.2024 07:15:03
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invali...
CVE-2021-32796
- EPSS 0.49%
- Published 27.07.2021 22:15:07
- Last modified 21.11.2024 06:07:45
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. T...
CVE-2021-21366
- EPSS 0.57%
- Published 12.03.2021 17:15:12
- Last modified 21.11.2024 05:48:12
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing malicio...