Cross-site Scripting (XSS)
Affecting dompurify package, versions <0.4.4
dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.
Affected versions of the package are vulnerable to Cross-site Scripting (XSS) which is caused by Double-Clobbering.
You can read more about
Cross-site Scripting (XSS) on our blog.
dompurify to version 0.4.4 or higher.
Do your applications use this vulnerable package?
- Mathias Karlsson
- Snyk ID
- 07 Oct, 2014
- 24 Apr, 2017