Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
| Software | From | Fixed in |
|---|---|---|
dompurify
|
- | 3.2.4 |
- https://ensy.zip/posts/dompurify-323-bypass
- https://ensy.zip/posts/dompurify-323-bypass/
- https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02
- https://github.com/cure53/DOMPurify/releases/tag/3.2.4
- https://nsysean.github.io/posts/dompurify-323-bypass
- https://nsysean.github.io/posts/dompurify-323-bypass/