Cross-site Scripting (XSS)

dompurify is vulnerable to cross-site scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious JavaScript via nested headlines...

GHSA-H6P3-P4VX-WR8Q dompurify vulnerable to Cross-site Scripting

dompurify prior to version 2.2.3 is vulnerable to a cross-site scripting problem caused by nested headlines...

dompurify vulnerable to Cross-site Scripting

dompurify prior to version 2.2.3 is vulnerable to a cross-site scripting problem caused by nested headlines...

PT-2023-33023 · Dompurify · Dompurify

Name of the Vulnerable Software and Affected Versions: dompurify versions prior to 2.2.3 Description: The issue is caused by nested headlines, leading to a cross-site scripting problem. Recommendations: For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue...