DOMPurify Vulnerability in Data Sanitization by Cure53
CVE-2025-26791
4.5 MEDIUM
What is CVE-2025-26791?
DOMPurify versions prior to 3.2.4 contain a vulnerability caused by an incorrect regular expression used within template literals. This flaw may allow attackers to carry out mutation cross-site scripting (mXSS) attacks, posing a significant risk to applications that rely on this library for input sanitization. Users are advised to update to the latest version to mitigate potential security issues.
Affected Version(s)
DOMPurify 0 < 3.2.4
