Required CVE Record Information
Description
Cure53 DOMPurify before 2.0.17 allows mutation XSS (mXSS). This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree: DOMPurify sanitizes a parsed tree and returns its HTML serialization, and when the browser re-parses that string the resulting tree can differ from the one that was checked. In particular, a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements (see the Securitum writeup in the references): the HTML parser ignores a second <form> start tag while a form is already open, so a nested form present in the sanitized tree vanishes on re-parse, and the elements that followed it inside a MathML text integration point are re-created in the MathML namespace, where a <style> element has no raw-text body and its content is parsed as live markup.
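The following is an added example, not code from DOMPurify or from the CVE record. It models the payload from the referenced Securitum writeup as a small hand-built element tree (the tree shapes are constructed from the HTML parsing algorithm, nothing here parses HTML) and applies a parent/child namespace-consistency check of the kind that defeats this class of mutation: an element whose namespace a fresh parse could not reproduce from its parent is removed. The MathML tag list, the integration-point list, the tree builder and the toy serializer are assumptions made for the example; the check is modelled on the idea behind the 2.0.17 fix, not copied from its source.

```javascript
// Added example, not DOMPurify's code: a hand-built tree model of the CVE-2020-26870
// payload plus a parent/child namespace-consistency check of the kind that stops it.
// The trees are constructed here from the HTML parsing algorithm as described in the
// referenced Securitum writeup; nothing in this file parses HTML.

const HTML = 'http://www.w3.org/1999/xhtml';
const MATHML = 'http://www.w3.org/1998/Math/MathML';

// Local names that belong to MathML (a subset; assumed list for this example).
const MATHML_TAGS = new Set([
  'math', 'mrow', 'mstyle', 'mi', 'mo', 'mn', 'ms', 'mtext',
  'mglyph', 'malignmark', 'annotation-xml',
]);
// MathML elements whose children the HTML parser treats as HTML ("text integration points").
const MATHML_TEXT_INTEGRATION_POINTS = new Set(['mi', 'mo', 'mn', 'ms', 'mtext']);

const el = (name, ns, children = []) => ({ name, ns, children });
const text = (data) => ({ text: data });

// Payload from the referenced writeup:
//   <form><math><mtext></form><form><mglyph><style></math><img src onerror=alert(1)>
// First parse, i.e. the tree DOMPurify < 2.0.17 sanitized (constructed by hand). The
// stray </form> inside <mtext> resets the parser's form pointer, so the second <form>
// is created as an HTML element; with an HTML <form> as current node, <mglyph> and
// <style> are also created in the HTML namespace, and the <style> body is inert raw text.
function firstParseTree() {
  return el('form', HTML, [
    el('math', MATHML, [
      el('mtext', MATHML, [
        el('form', HTML, [
          el('mglyph', HTML, [
            el('style', HTML, [text('</math><img src onerror=alert(1)>')]),
          ]),
        ]),
      ]),
    ]),
  ]);
}
// On re-parse of the unpatched serialization <form><math><mtext><form><mglyph><style>...
// the outer form is still open, so the inner <form> is ignored; <mglyph> now sits directly
// under <mtext> and becomes MathML, <style> follows it into MathML and loses its raw-text
// body, so "</math>" closes the math and <img ... onerror> becomes live HTML. That
// HTML -> MathML namespace flip is the mutation the CVE describes.

// Reject an element whose namespace cannot be reproduced from its parent by a fresh
// parse. Modelled on the idea behind the 2.0.17 fix; not its source.
function checkValidNamespace(node, parent) {
  const parentNs = parent ? parent.ns : HTML;
  const parentName = parent ? parent.name : 'template';
  if (node.ns === MATHML) {
    // Only <math> may open MathML content under an HTML parent.
    if (parentNs === HTML) return node.name === 'math';
    return MATHML_TAGS.has(node.name);
  }
  if (node.ns === HTML) {
    // HTML under MathML is only legitimate at a text integration point.
    if (parentNs === MATHML && !MATHML_TEXT_INTEGRATION_POINTS.has(parentName)) return false;
    // An HTML-namespace element must not carry a MathML local name: a re-parse can move
    // it into MathML (exactly what happens to <mglyph> in the payload above).
    return !MATHML_TAGS.has(node.name);
  }
  return false; // SVG and other namespaces are out of scope for this example
}

// Drop every element (with its subtree) that fails the namespace check.
function sanitizeTree(node, parent = null) {
  if (node.text !== undefined) return node;
  if (!checkValidNamespace(node, parent)) return null;
  const children = node.children.map((c) => sanitizeTree(c, node)).filter(Boolean);
  return el(node.name, node.ns, children);
}

// Toy serializer (no attributes, no escaping), enough to show the result.
function serialize(node) {
  if (node.text !== undefined) return node.text;
  return `<${node.name}>${node.children.map(serialize).join('')}</${node.name}>`;
}

function containsElement(node, name) {
  if (node.text !== undefined) return false;
  return node.name === name || node.children.some((c) => containsElement(c, name));
}

// Serialization of the payload tree after the namespace check has run.
function sanitizePayload() {
  return serialize(sanitizeTree(firstParseTree()));
}

console.log('before:', serialize(firstParseTree()));
console.log('after: ', sanitizePayload());
```

With the check in place the HTML-namespace `mglyph` (a MathML local name under an HTML parent) is removed together with the `style` it carried, and what remains, `<form><math><mtext><form></form></mtext></math></form>`, re-parses to nothing more dangerous than a dropped inner form. The general lesson for any DOM-based sanitizer is that the decision "is this element safe" must be made about a tree the browser will actually rebuild, so namespace transitions that the parser would not reproduce have to be rejected rather than trusted.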
References (6 total)
- https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ (technical writeup)
- https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d (fix commit)
- https://github.com/cure53/DOMPurify/compare/2.0.16...2.0.17 (2.0.16 to 2.0.17 diff)
- lists.debian.org: [debian-lts-announce] 20201029 [SECURITY] [DLA 2419-1] dompurify.js security update (mailing list)
- portal.msrc.microsoft.com: Visual Studio Remote Code Execution Vulnerability (vendor advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html (Oracle Critical Patch Update, July 2021)