Page 2 of 6 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. DOMPurify versiones anteriores a 2.0.1, permite un ataque de tipo XSS debido a la mutación XSS (mXSS) de innerHTML para un elemento SVG o un elemento MATH, como es demostrado por Chrome y Safari. • https://lists.debian.org/debian-lts-announce/2020/10/msg00029.html https://research.securitum.com/dompurify-bypass-using-mxss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •