Cure53 Dompurify
By the Year
In 2024 there have been 0 vulnerabilities in Cure53 Dompurify . Last year Dompurify had 1 security vulnerability published. Right now, Dompurify is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.10 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.10 |
| 2019 | 1 | 6.10 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Dompurify vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cure53 Dompurify Security Vulnerabilities
DOMPurify before 1.0.11
CVE-2019-25155
6.1 - Medium
- November 07, 2023
DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
Open Redirect
Cure53 DOMPurify before 2.0.17 allows mutation XSS
CVE-2020-26870
6.1 - Medium
- October 07, 2020
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
XSS
DOMPurify before 2.0.1
CVE-2019-16728
6.1 - Medium
- September 24, 2019
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cure53 Dompurify or by Cure53? Click the Watch button to subscribe.
