📦 Dompurify

DOMPurify versions before 2.5.0 and 3.1.3 contain a nesting-based mutation XSS (mXSS) vulnerability that allows attackers to bypass HTML sanitization and execute arbitrary JavaScript in victim browser...

This CVE describes a cross-site scripting (XSS) vulnerability in DOMPurify that allows attackers to bypass HTML sanitization when output is placed in XML contexts. Attackers can inject malicious JavaS...

This CVE describes a cross-site scripting vulnerability in DOMPurify that allows attackers to bypass HTML sanitization by injecting malicious closing tags like </textarea> into attribute values. When ...

DOMPurify versions before 3.2.4 contain a regular expression flaw in template literal handling that can allow mutation cross-site scripting (mXSS) attacks. This vulnerability enables attackers to bypa...