PT-2023-11380 · Dompurify · Dompurify

CVE-2019-25155

·

Published

2023-10-31

·

Updated

2023-11-14

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 1.0.11
Description The issue allows reverse tabnabbing due to links lacking a 'rel="noopener noreferrer"' attribute in demos/hooks-target-blank-demo.html.
Recommendations For versions prior to 1.0.11, update to version 1.0.11 or later to resolve the issue.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2019-25155
GHSA-8HGG-XXM5-3873

Affected Products

Dompurify