DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NCure53 Dompurify
APPCure53< 2.4.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2024-47875CRITICAL10.0PL ✓ten sam produkt
DOMPurify — podatność mXSS oparta na zagnieżdżaniu znaczników
CVE-2024-45801HIGH7.3ten sam produkt
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discove...
CVE-2026-41240MEDIUM6.0ten sam produkt
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have...
CVE-2025-15599MEDIUM5.1ten sam produkt
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows...
CVE-2026-0540MEDIUM5.3ten sam produkt
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting...