Cross-Site Scripting (XSS)
DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to DOMPurify skipping the contents of shadow DOM elements inside HTML elements during sanitization, which allows an attacker to embed malicious payloads that execute when the template is cloned and inserted into the pag...