3 matches found
@leav/ui (>=1.13.0-0ceda52e <=1.14.0-667fe1ca) potentially affected by CVE-2026-47423 via dompurify (=3.4.4)
dompurify NPM version =3.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - @leav/ui =1.13.0-0ceda52e, =1.14.0-667fe1ca Source cves: CVE-2026-47423 Source advisory: SNYK:JS-DOMPURIFY-17119837...
PT-2026-42767
Name of the Vulnerable Software and Affected Versions DOMPurify version 3.4.4 Description DOMPurify allows the element by default, which enables a bypass of the sanitization process. This occurs because browsers may re-clone an XSS payload after the sanitizer has already processed the subtree...
CVE-2026-47423
creationtimestamp| type| source ---|---|--- 2026-05-19 09:26:54+00:00| published-proof-of-concept| https://github.com/cure53/DOMPurify/security/advisories/GHSA-87xg-pxx2-7hvx 2026-06-04 11:02:16+00:00| seen| https://t.me/GithubRedTeam/87264...