XMLDOM is a JavaScript library for parsing and manipulating XML documents, commonly used in web applications for data processing and document handling. Historically, it has been susceptible to multiple security vulnerabilities, including remote code execution (RCE) and cross-site scripting (XSS) attacks, often stemming from improper input validation and insecure parsing of XML data. The library's eight recorded CVEs highlight risks related to entity expansion attacks and malicious payload processing. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities in XML processing libraries underscores the importance of implementing proper input sanitization and considering alternative, more secure XML handling approaches in web development.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41675 | xmldom: XML node injection through unvalidated processing instruction serialization | xmldom | CWE-91 | 10.0 (AI) | Critical (AI) | 2026-05-07 |
| CVE-2026-41674 | xmldom: XML injection through unvalidated DocumentType serialization | xmldom | CWE-91 | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-41673 | xmldom: Denial of service via uncontrolled recursion in XML serialization | xmldom | CWE-674 | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-41672 | xmldom: XML node injection through unvalidated comment serialization | xmldom | CWE-91 | 10.0 (AI) | Critical (AI) | 2026-05-07 |
| CVE-2026-34601 | xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion | xmldom | CWE-91 | 7.5 | High | 2026-04-02 |
| CVE-2022-39353 | xmldom allows multiple root nodes in a DOM | xmldom | CWE-20 | 9.4 | Critical | 2022-11-02 |
| CVE-2021-32796 | Misinterpretation of malicious XML input in xmldom | xmldom | CWE-116 | 6.5 | Medium | 2021-07-27 |
| CVE-2021-21366 | Misinterpretation of malicious XML input | xmldom | CWE-436 | 4.3 | Medium | 2021-03-12 |
This page lists every published CVE security advisory associated with xmldom. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.