2 matches found
@5lions/library-registry-admin (=0.0.0), @ampproject/worker-dom (>=0.2.18 <=0.9.0) +51 more potentially affected by CVE-2019-25155 via dompurify (>=0.6.6 <=1.0.10)
dompurify NPM version =0.6.6, =0.2.18, =0.0.11, =0.8.8, =0.0.1, =0.7.2, =0.0.1, =1.0.2, =0.0.1, =0.9.7, =1.0.0, =1.1.0 and more Source cves: CVE-2019-25155 Source advisory: OSV:GHSA-8HGG-XXM5-3873...
CVE-2019-25155
DOMPurify before 1.0.11 is affected by a reverse tabnabbing issue in demos/hooks-target-blank-demo.html due to missing rel="noopener noreferrer" on links. This is the concrete vulnerability described across CVE-2019-25155 entries: the root cause is the absence of a security attribute on target-bl...