Filtered by vendor Cure53
Filtered by product Dompurify
Total: 4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-26870 | 4 Cure53, Debian, Microsoft and 1 more | 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more | 2024-11-21 | 6.1 Medium |
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | | | | |
CVE-2019-25155 | 1 Cure53 | 1 Dompurify | 2024-11-21 | 6.1 Medium |
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | | | | |
CVE-2019-16728 | 2 Cure53, Debian | 2 Dompurify, Debian Linux | 2024-11-21 | 6.1 Medium |
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | | | | |
CVE-2024-48910 | 2 Cure53, Redhat | 3 Dompurify, Advanced Cluster Security, Openshift | 2024-11-01 | 9.1 Critical |
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. | | | | |