advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard

Published 20 hours ago verified publisher icon github

[GHSA-vhxf-7vqr-mrjg] DOMPurify allows Cross-site Scripting (XSS)

Open julianladisch opened this issue 4 months ago • 0 comments
trafficstars

Updates

  • Description

Comments https://ensy.zip/posts/dompurify-323-bypass/ clearly points out in the title that only the template configuration option is affected. This is an important information as that option is discouraged and most users of dompurify doesn't use that option.

julianladisch avatar Jun 27 '25 10:06 julianladisch