Note:
This project will be discontinued after December 13, 2021.
Product: Dompurify (Cure53)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 3 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-10-07 | CVE-2020-26870 | Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | Dompurify, Debian_linux, Visual_studio_2017, Visual_studio_2019, Application_express | 6.1 | ||
2023-11-07 | CVE-2019-25155 | DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | Dompurify | 6.1 | ||
2019-09-24 | CVE-2019-16728 | DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | Dompurify, Debian_linux | 6.1 | ||