| CVE-2024-47875 | high | — | 8.0 | | | | 2y ago | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. |
| CVE-2026-41240 | medium | 6.1 | 6.1 | | | | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TA… |
| CVE-2026-41239 | unknown | — | — | | | | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrust… |
| CVE-2026-41238 | unknown | — | — | | | | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMP… |
| CVE-2025-15599 | unknown | — | — | | | | 3mo ago | DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext elemen… |
| CVE-2026-0540 | unknown | — | — | | | | 3mo ago | DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five … |
| CVE-2025-26791 | unknown | — | — | | | | 1y ago | DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). |
| CVE-2024-48910 | unknown | — | — | | | | 2y ago | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. |
| CVE-2024-45801 | unknown | — | — | | | | 2y ago | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking ad… |