CVE-2019-25155

Published: Nov 7, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-25155" target="_blank" rel="noopener"> CVE-2019-25155
GHSA: <a href="https://github.com/advisories/GHSA-8hgg-xxm5-3873" target="_blank" rel="noopener"> GHSA-8hgg-xxm5-3873
Severity: Medium
Exploit:

DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.