503 matches found
SUSE CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
Mutation Cross-site Scripting (mXSS)
DOMPurify is vulnerable to mutation cross-site scripting mXSS. The vulnerability is due to an incorrect template literal regular expression in DOMPurify, allows an attacker to execute mutation cross-site scripting mXSS...
CVE-2025-26791
A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting mXSS via an incorrect template literal regular expression...
DOMPurify allows Cross-site Scripting (XSS)
DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFEFORTEMPLATES is set to true, sometimes leading to mutation cross-site scripting mXSS...
011xwztpjn (=1.0.0), 02y9dg4qm3 (=1.0.0) +10090 more potentially affected by CVE-2025-26791 via dompurify (>=0.6.6 <=3.2.3)
dompurify NPM version =0.6.6, =3.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - 011xwztpjn =1.0.0 - 02y9dg4qm3 =1.0.0 - 04tw75kmd9 =1.0.0 - 0650teqqly =1.0.0 - 097oi25ils =1.0.0 - 0a0fpniotn =1.0.0 - 0c7j76u46q...
GHSA-VHXF-7VQR-MRJG DOMPurify allows Cross-site Scripting (XSS)
DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFEFORTEMPLATES is set to true, sometimes leading to mutation cross-site scripting mXSS...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
DEBIAN-CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
UBUNTU-CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
org.webjars.npm:monaco-editor (=0.54.0) potentially affected by CVE-2025-26791 via org.webjars.npm:dompurify (=3.1.7)
org.webjars.npm:dompurify MAVEN version =3.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:dompurify and may be impacted: - org.webjars.npm:monaco-editor =0.54.0 Source cves: CVE-2025-26791 Source advisory:...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.cure53:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to incorrect handling of template literals in regular expressions. An attacker can manipulate the output of the...
Cross-site Scripting (XSS)
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to incorrect handling of template literals in regular expressions. An attacker can manipulate the output of the script by...
Cross-site Scripting (XSS)
Overview org.webjars.bower:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to incorrect handling of template literals in regular expressions. An attacker can manipulate the output of the script by...
CVE-2025-26791
DOMPurify is affected by an mXSS flaw in which an incorrect template-literal regular expression in versions before 3.2.4 can lead to mutation cross-site scripting. The CVE-2025-26791 entry is referenced across IBM notices for IBM Db2 Data Management Console, IBM Watson-related products, and other...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
PT-2025-7240
Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 3.2.4 Description: The issue is related to an incorrect template literal regular expression in DOMPurify, which can lead to mutation cross-site scripting mXSS. Recommendations: For versions prior to 3.2.4, update t...
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
DOMPurify 安全漏洞
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 3.2.4, which stems from the presence of incorrect template literal regular expressions that can lead to mutant...