4 matches found
Cross-site Scripting (XSS)
DOMPurify is vulnerable to cross-site scripting XSS. The vulnerability is due to SAFEFORTEMPLATES not stripping ... expressions in RETURNDOM or RETURNDOMFRAGMENT modes, which allows an attacker to exploit template-evaluating frameworks like Vue 2 to execute malicious scripts...
CVE-2026-41239
A flaw was found in DOMPurify. A remote attacker could exploit this cross-site scripting XSS vulnerability when DOMPurify is configured to return a Document Object Model DOM or DOM fragment. The SAFEFORTEMPLATES feature, intended to strip template expressions like ..., fails in these modes,...
Cross-site Scripting (XSS)
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS via templates injected to a site in RETURNDOM mode. The SAFEFORTEMPLATES sanitization can be bypassed, which then allows scripts to...
PT-2024-37862 · Vue · Vue
Name of the Vulnerable Software and Affected Versions: Vue versions 2.0 through 3.0 Description: A vulnerability has been discovered that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClas...