Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
| Software | From | Fixed in |
|---|---|---|
dompurify
|
- | 3.2.4 |
- https://ensy.zip/posts/dompurify-323-bypass
- https://ensy.zip/posts/dompurify-323-bypass/
- https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02
- https://github.com/cure53/DOMPurify/releases/tag/3.2.4
- https://nsysean.github.io/posts/dompurify-323-bypass
- https://nsysean.github.io/posts/dompurify-323-bypass/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime