Product: Dompurify (Cure53)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 3
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-10-07 | CVE-2020-26870 | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | Dompurify, Debian_linux, Visual_studio_2017, Visual_studio_2019, Application_express | 6.1 | | |
| 2023-11-07 | CVE-2019-25155 | DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | Dompurify | 6.1 | | |
| 2019-09-24 | CVE-2019-16728 | DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | Dompurify, Debian_linux | 6.1 | | |