Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

JavaScript Library

DOMPurify

DOMPurify is a DOM-only super-fast uber-tolerant XSS sanitizer for HTML MathML and SVG.

Official Site:

https://cure53.de/purify

Severity Summary:

Critical: 1 Medium: 8
Reference
Title
Severity
CVE-2024-48910
DOMPurify Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) Vulnerability
Critical
CVE-2019-16728
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-26870
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-25155
DOMPurify URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2024-45801
DOMPurify Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) Vulnerability
Medium
CVE-2024-47875
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-26791
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2026-0540
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-15599
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium