Filtered by vendor Cure53 Subscriptions
Filtered by product Dompurify Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-26870 4 Cure53, Debian, Microsoft and 1 more 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more 2024-11-21 6.1 Medium
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
CVE-2019-25155 1 Cure53 1 Dompurify 2024-11-21 6.1 Medium
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
CVE-2019-16728 2 Cure53, Debian 2 Dompurify, Debian Linux 2024-11-21 6.1 Medium
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
CVE-2024-48910 2 Cure53, Redhat 3 Dompurify, Advanced Cluster Security, Openshift 2024-11-01 9.1 Critical
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.