CVE-2025-26791

Опубликовано: 14 фев. 2025

Источник: nvd

CVSS3: 4.5

CVSS3: 6.1

EPSS Низкий

Описание

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Ссылки

https://ensy.zip/posts/dompurify-323-bypass/
Exploit
Third Party Advisory
https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02
Patch
https://github.com/cure53/DOMPurify/releases/tag/3.2.4
Release Notes
https://nsysean.github.io/posts/dompurify-323-bypass/
Exploit
Third Party Advisory
https://ensy.zip/posts/dompurify-323-bypass/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cure53:dompurify:*:*:*:*:*:*:*:*

Версия до 3.2.4 (исключая)

EPSS

Процентиль: 16%

0.00051

Низкий

4.5 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-26791

CVSS3: 4.5

ubuntu

11 месяцев назад

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVE-2025-26791

CVSS3: 4.5

redhat

11 месяцев назад

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

CVE-2025-26791

CVSS3: 4.5

debian

11 месяцев назад

DOMPurify before 3.2.4 has an incorrect template literal regular expre ...

GHSA-vhxf-7vqr-mrjg

CVSS3: 4.5

github

11 месяцев назад

DOMPurify allows Cross-site Scripting (XSS)

EPSS

Процентиль: 16%

0.00051

Низкий

4.5 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79