4 matches found
dompurify: XSS vulnerability via prototype pollution
A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting XSS attacks...
UBUNTU-CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the...
DOMPurify 安全漏洞
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify versions prior to 2.5.4 and prior to 3.1.3, which stems from malicious HTML using a special nesting technique to bypass the depth...
PT-2024-7008
Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 2.5.4 DOMPurify versions prior to 3.1.3 Description The issue is related to the DOMPurify library, which is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG. It has been discovered that...