Описание
DOMPurify allows Cross-site Scripting (XSS)
DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation cross-site scripting (mXSS).
Пакеты
Наименование
dompurify
npm
Затронутые версииВерсия исправления
< 3.2.4
3.2.4
Связанные уязвимости
CVSS3: 4.5
ubuntu
11 месяцев назад
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
CVSS3: 4.5
redhat
11 месяцев назад
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
CVSS3: 4.5
nvd
11 месяцев назад
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
CVSS3: 4.5
debian
11 месяцев назад
DOMPurify before 3.2.4 has an incorrect template literal regular expre ...