Lucene search
K

9 matches found

OSV
OSV
added 2026/06/15 8:2 p.m.10 views

GHSA-GVMJ-G25R-R7WR DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes

Summary When DOMPurify is configured with both SAFEFORTEMPLATES: true and RETURNDOM: true or INPLACE: true, an attacker can inject template expressions, such as $evil, evil, or , that survive the sanitization pass inside element content. This bypasses the explicit purpose of SAFEFORTEMPLATES, whi...

5.1CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/25 11:24 a.m.8 views

CVE-2026-41239

A flaw was found in DOMPurify. A remote attacker could exploit this cross-site scripting XSS vulnerability when DOMPurify is configured to return a Document Object Model DOM or DOM fragment. The SAFEFORTEMPLATES feature, intended to strip template expressions like ..., fails in these modes,...

6.8CVSS5.8AI score0.00217EPSS
Exploits0References5
CVE
CVE
added 2026/04/23 2:47 p.m.45 views

CVE-2026-41239

CVE-2026-41239 affects DOMPurify. From v1.0.10 up to but not including v3.4.0, SAFE_FOR_TEMPLATES incorrectly strips mustache/templating expressions in untrusted HTML when RETURN_DOM/RETURN_DOM_FRAGMENT are used, enabling XSS in template-evaluating frameworks (e.g., Vue 2). The issue is triggered...

6.8CVSS5.6AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 2:47 p.m.40 views

CVE-2026-41239 DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...

6.8CVSS0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/23 2:47 p.m.11 views

CVE-2026-41239 DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...

6.8CVSS4.8AI score0.00217EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 5:32 p.m.12 views

DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode

Summary | Field | Value | |:------|:------| | Severity | Medium | | Affected | DOMPurify main at 883ac15, introduced in v1.0.10 7fc196db | SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...

6.8CVSS5.8AI score0.00217EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/22 5:32 p.m.2 views

GHSA-CRV5-9VWW-Q3G8 DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode

Summary | Field | Value | |:------|:------| | Severity | Medium | | Affected | DOMPurify main at 883ac15, introduced in v1.0.10 7fc196db | SAFEFORTEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURNDOM or RETURNDOMFRAGMENT, allowing XSS via...

6.8CVSS5.8AI score0.00217EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/19 9:0 p.m.3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS via templates injected to a site in RETURNDOM mode. The SAFEFORTEMPLATES sanitization can be bypassed, which then allows scripts to...

6.8CVSS5.1AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/19 9:0 p.m.11 views

Cross-site Scripting (XSS)

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS via templates injected to a site in RETURNDOM mode. The SAFEFORTEMPLATES sanitization can be bypassed, which then allows scripts to be executed if...

6.8CVSS5.1AI score0.00217EPSS
Exploits0References2
Rows per page
Query Builder