Permissive List of Allowed Inputs

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the ADDATTR predicate function via EXTRAELEMENTHANDLING.attributeCheck. An attacker can inject and execute malicious scripts in the DOM...

CVE-2014-125128

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...

GHSA-5M5X-9J46-H678 Element Plus Link component (el-link) implements insufficient input validation for the href attribute

Element Plus Link component el-link prior to 2.11.0 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

Element Plus Link component (el-link) implements insufficient input validation for the href attribute

Element Plus Link component el-link prior to 2.11.0 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...

CVE-2025-57665

Element Plus Link component el-link through 2.10.6 implements insufficient input validation for the href attribute, creating a security abstraction gap that obscures URL-based attack vectors. The component passes user-controlled href values directly to underlying anchor elements without protocol...