Vulnerabilities (CVE)

Filtered by vendor Cure53 Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-26870 4 Cure53, Debian, Microsoft and 1 more 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
CVE-2019-25155 1 Cure53 1 Dompurify 2024-11-21 N/A 6.1 MEDIUM
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
CVE-2019-16728 2 Cure53, Debian 2 Dompurify, Debian Linux 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.