Cross-site Scripting (XSS)

Affecting dompurify package, versions >=0.4.0 <0.6.1

medium severity

Overview

dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of the package are vulnerable to Cross-site Scripting (XSS).

You can read more about Cross-site Scripting (XSS) on our blog.

Remediation

Upgrade dompurify to version 0.6.1 or higher.

Credit: Unknown
CWE: CWE-79
Snyk ID: npm:dompurify:20150217
Disclosed: 16 Feb, 2015
Published: 24 Apr, 2017
