CVE-2025-26791

Опубликовано: 14 фев. 2025

Источник: debian

EPSS Низкий

Описание

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Пакет	Статус	Версия исправления	Релиз	Тип
node-dompurify	fixed	3.1.7+dfsg+~3.0.5-2		package
node-dompurify	no-dsa		bookworm	package

Fixed by: https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02 (3.2.4)
https://ensy.zip/posts/dompurify-323-bypass/

EPSS

Процентиль: 16%

0.00051

Низкий

CVE-2025-26791

CVSS3: 4.5

ubuntu

11 месяцев назад

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVE-2025-26791

CVSS3: 4.5

redhat

11 месяцев назад

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVE-2025-26791

CVSS3: 4.5

nvd

11 месяцев назад

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

GHSA-vhxf-7vqr-mrjg

CVSS3: 4.5

github

11 месяцев назад

DOMPurify allows Cross-site Scripting (XSS)

EPSS

Процентиль: 16%

0.00051

Низкий