logo

Database

Reflected cross-site scripting (XSS) In dompurify

Description

dompurify vulnerable to Cross-site Scripting dompurify prior to version 2.2.3 is vulnerable to a cross-site scripting problem caused by nested headlines.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-h6p3-p4vx-wr8q

References

1. https://github.com/cure53/DOMPurify/releases/tag/2.2.32. https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.