Cure53: >> Dompurify >> 0.9.0 Security Vulnerabilities
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-11-07
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-10-07
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
CVSS Score
6.1
EPSS Score
0.012
Published
2019-09-24