499 matches found
DOMPurify Cross-Site Scripting Vulnerability
DOMPurify is a JavaScript-based tool developed by an individual developer at Cure53, designed for working with the DOM (Document Object Model) in HTML, MathML, and SVG. Versions of DOMPurify from 1.0.10 to 3.4.0 contained a cross-site scripting vulnerability. This vulnerability occurred because the...
Linux Distros Unpatched Vulnerability : CVE-2026-41239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFE_FOR_TEMPLATES strips...
DOMPurify Cross-Site Scripting Vulnerability
DOMPurify is a JavaScript-based tool developed by Cure53, designed for working with the DOM (Document Object Model) in HTML, MathML, and SVG. Versions of DOMPurify prior to 3.4.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from inconsistencies in the handling of...
Linux Distros Unpatched Vulnerability : CVE-2026-41238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS...
011xwztpjn (=1.0.0), 02y9dg4qm3 (=1.0.0) +11272 more potentially affected by CVE-2026-41240 via dompurify (>=0.6.6 <=3.3.3)
dompurify NPM version =0.6.6, =3.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - 011xwztpjn =1.0.0 - 02y9dg4qm3 =1.0.0 - 04tw75kmd9 =1.0.0 - 0650teqqly =1.0.0 - 097oi25ils =1.0.0 - 0a0fpniotn =1.0.0 - 0c7j76u46q...
GHSA-H7MW-GPVR-XQ4M DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
There is an inconsistency between FORBID_TAGS and FORBID_ATTR handling when a function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214: `/* FORBID_ATTR must always win, even if ADD_ATTR predicate would allow it */ if (FORBID_ATTR[lcName]) return false;` The same fix was not...
DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
There is an inconsistency between FORBID_TAGS and FORBID_ATTR handling when a function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214: `/* FORBID_ATTR must always win, even if ADD_ATTR predicate would allow it */ if (FORBID_ATTR[lcName]) return false;` The same fix was not...
GHSA-CRV5-9VWW-Q3G8 DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
Summary

| Field | Value |
|:------|:------|
| Severity | Medium |
| Affected | DOMPurify main at 883ac15, introduced in v1.0.10 7fc196db |

SAFE_FOR_TEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURN_DOM or RETURN_DOM_FRAGMENT, allowing XSS via...
011xwztpjn (=1.0.0), 02y9dg4qm3 (=1.0.0) +11234 more potentially affected by CVE-2026-41239 via dompurify (>=1.0.10 <=3.3.3)
dompurify NPM version =1.0.10, =3.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - 011xwztpjn =1.0.0 - 02y9dg4qm3 =1.0.0 - 04tw75kmd9 =1.0.0 - 0650teqqly =1.0.0 - 097oi25ils =1.0.0 - 0a0fpniotn =1.0.0 - 0c7j76u46q...
GHSA-V9JR-RG53-9PGP DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
Summary: DOMPurify versions 3.0.1 through 3.3.3 (latest) are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration (no CUSTOM_ELEMENT_HANDLING option), a prior prototype pollution gadget can inject permissive tagNameCheck and...
1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2006 more potentially affected by CVE-2026-41238 via dompurify (>=3.0.1 <=3.3.3)
dompurify NPM version =3.0.1, =0.3.96, =0.3.33, =0.5.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.0.0, =4.4.0-rc1, =4.10.8-rc26 and more Source cves: CVE-2026-41238 Source advisory: OSV:GHSA-V9JR-RG53-9PGP...
DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
Summary: DOMPurify versions 3.0.1 through 3.3.3 (latest) are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration (no CUSTOM_ELEMENT_HANDLING option), a prior prototype pollution gadget can inject permissive tagNameCheck and...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-15599)
Summary: IBM Security SOAR uses an older version of the DOMPurify component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2. Vulnerability Details: CVEID: CVE-2025-15599 DESCRIPTION:...
PT-2026-34603
Summary

| Field | Value |
|:------|:------|
| Severity | Medium |
| Affected | DOMPurify main at 883ac15, introduced in v1.0.10 7fc196db |

SAFE_FOR_TEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURN_DOM or RETURN_DOM_FRAGMENT, allowing XSS via...
PT-2026-34602
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration (no CUSTOM_ELEMENT_HANDLING option), a prior prototype...
CVE-2026-41240
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-20 12:41:58+00:00 | published-proof-of-concept | https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m... |
1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2006 more potentially affected by CVE-2026-41238 via dompurify (>=3.0.1 <=3.3.3)
dompurify NPM version =3.0.1, =0.3.96, =0.3.33, =0.5.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.0.0, =4.4.0-rc1, =4.10.8-rc26 and more Source cves: CVE-2026-41238 Source advisory: SNYK:JS-DOMPURIFY-16132234...
net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by CVE-2026-41238 via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)
org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: CVE-2026-41238 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16132235...
Cross-site Scripting (XSS)
Overview: dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via templates injected into a site in RETURN_DOM mode. The SAFE_FOR_TEMPLATES sanitization can be bypassed, which then allows scripts to be executed if...