2 matches found
CVE-2026-47423 DOMPurify XSS via `selectedcontent` re-clone
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. In 3.4.4, DOMPurify allowed selectedcontent by default, allowing browsers to re-clone an XSS payload after sanitization so that unsanitized markup inside is returned. This issue is fixed in version 3.4.5...
@leav/ui (>=1.13.0-0ceda52e <=1.14.0-667fe1ca) potentially affected by CVE-2026-47423 via dompurify (=3.4.4)
dompurify NPM version =3.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - @leav/ui =1.13.0-0ceda52e, =1.14.0-667fe1ca Source cves: CVE-2026-47423 Source advisory: OSV:GHSA-87XG-PXX2-7HVX...