DOMPurify
by DOMPurify
CVEs (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47423 | hig | 0.38 | — | — | Jun 1, 2026 | ### Summary DOMPurify 3.4.4 allows `selectedcontent` by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. ### Details The chain is as follows: 1. The browser parses the input and creates a… |
- risk 0.38cvss —epss —
### Summary DOMPurify 3.4.4 allows `selectedcontent` by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. ### Details The chain is as follows: 1. The browser parses the input and creates a…