DOMPurify

2 CVEs product

Monthly

CVE-2025-15599 MEDIUM PATCH This Month

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. [CVSS 6.1 MEDIUM]

XSS Dompurify Redhat
NVD GitHub VulDB
CVSS 3.1: 6.1 | EPSS: 0.0%

CVE-2025-26791 MEDIUM POC PATCH This Month

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS). Rated medium severity (CVSS 4.5), this vulnerability requires no authentication. Public exploit code is available.

XSS Dompurify Redhat Suse
NVD GitHub
CVSS 3.1: 4.5 | EPSS: 0.2%
