4 matches found
ROOT-APP-NPM-CVE-2026-0540 CVE-2026-0540 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-0540 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2096 more potentially affected by CVE-2026-0540 via dompurify (>=3.0.0 <=3.3.1)
dompurify NPM version =3.0.0, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.5.1 and more Source cves: CVE-2026-0540 Source advisory: SNYK:JS-DOMPURIFY-15371376...
CVE-2026-0540
creationtimestamp| type| source ---|---|--- 2026-03-03 20:43:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg6n2wcroi2u...
CVE-2026-0540
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...