Mario Heiderich

8 exploits | Active since Sep 2010
CVE-2026-0540 | Writeup | Severity: Medium
DOMPurify 2.5.3-2.5.8/3.1.3-3.3.1 - XSS
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like </noscript><img src=x onerror=alert(1)> in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.
CVSS 6.1
CVE-2026-41240 | Writeup | Severity: Medium
DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when a function-based ADD_TAGS predicate is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214, but the same fix was not applied to FORBID_TAGS. At lines 1118-1123, when EXTRA_ELEMENT_HANDLING.tagCheck returns true, short-circuit evaluation skips the FORBID_TAGS check entirely. This allows forbidden elements to survive sanitization with their attributes intact. Version 3.4.0 patches the issue.
CVSS 6.1
CVE-2019-20374 | Writeup | Severity: Critical
Typora < 0.9.81 - XSS
A mutation cross-site scripting (mXSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to remote code execution through Mermaid code blocks. To exploit this vulnerability, a victim must open a crafted file in Typora. The XSS is then triggered due to improper HTML sanitization. Because the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.
CVSS 9.6
CVE-2024-45801 | Writeup | Severity: High
Cure53 Dompurify < 2.5.4 - XSS
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use prototype pollution to weaken the depth check. This renders DOMPurify unable to prevent cross-site scripting (XSS) attacks. The issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify; all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.3
CVE-2025-26791 | Writeup | Severity: Medium
Cure53 Dompurify < 3.2.4 - XSS
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
CVSS 4.5
CVE-2010-3324 | ExploitDB (html) | Working PoC
Microsoft Internet Explorer 8 - Auth Bypass
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
CVE-2013-2261 | ExploitDB (text) | Severity: High | Working PoC
Cryptocat < 2.0.22 - Information Disclosure
The Cryptocat Chrome extension before 2.0.22 has an information disclosure issue involving 'img/keygen.gif'.
CVSS 7.5
CVE-2013-4103 | ExploitDB (text) | Severity: Critical | Working PoC
Cryptocat < 2.0.22 - Improper Input Validation
Cryptocat before 2.0.22 allows remote script injection because it does not properly sanitize user input.
CVSS 9.8