Cure53 DOMPurify 1.0.11

CPE Details

Cure53 DOMPurify 1.0.11
cure53
dompurify
1.0.11
2019-09-24
11h40 +00:00
2019-09-24
11h40 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cure53:dompurify:1.0.11:*:*:*:*:*:*:*

Informations

Vendor

cure53

Product

dompurify

Version

1.0.11

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-26870 2020-10-07 13h50 +00:00 Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
6.1
Moyen
CVE-2019-16728 2019-09-24 02h02 +00:00 DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
6.1
Moyen