Skip to content

dompurify vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published Jan 11, 2023 to the GitHub Advisory Database

Package

pip dompurify (pip)

Affected versions

< 2.2.3

Patched versions

2.2.3

Description

dompurify prior to version 2.2.3 is vulnerable to a cross-site scripting problem caused by nested headlines.

References

Published to the GitHub Advisory Database Jan 11, 2023
Reviewed Jan 11, 2023

Severity

Moderate

EPSS score

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-h6p3-p4vx-wr8q

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.