544 matches found
CVE-2019-16728
Removed by vendor...
Cross-site Scripting (XSS)
dompurify is vulnerable to cross-site scripting vulnerability. It is possible because of a broken logical check in handling both the recent Safari DOMParser XSS and a Firefox mXSS...
Nextcloud: DOMPurify 0.8.9 released
Got the following via the DOMPurify-Security mailing list: Intro A new version of DOMPurify was released today: DOMPurify 0.8.9 Background DOMPurify showed weaknesses when handling both the recent Safari DOMParser XSS and a Firefox mXSS when working with document.write. Caused by a broken logical...
Cross-site Scripting (XSS)
dompurify is vulnerable to cross-site scripting XSS attacks. The attacks are possible because it does not sanitize strings properly. Attackers can launch a XSS via new DOMParser.parseFromString'', 'text/html'; in Safari browser versions 10.1/10.2...