DOMPurify — Vulnerabilities & Security Advisories 10

All 10 CVE vulnerabilities found in DOMPurify, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-41240	DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix) CWE-183	7.2^AI	High^AI	2026-04-23
CVE-2026-41239	DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode CWE-79	6.8	Medium	2026-04-23
CVE-2026-41238	DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback CWE-79	6.9	Medium	2026-04-23
CVE-2026-0540	DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML CWE-79	6.1	Medium	2026-03-03
CVE-2025-15599	DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML CWE-79	6.1	Medium	2026-03-03
CVE-2025-48050	DOMPurify 安全漏洞 CWE-24	7.5	High	2025-05-15
CVE-2025-26791	DOMPurify 安全漏洞 CWE-79	4.5	Medium	2025-02-14
CVE-2024-48910	DOMPurify vulnerable to tampering by prototype polution CWE-1321	9.1	Critical	2024-10-31
CVE-2024-47875	DOMPurify nesting-based mXSS CWE-79	10.0	Critical	2024-10-11
CVE-2024-45801	Tampering by prototype polution in DOMPurify CWE-1333	7.3	High	2024-09-16

All 10 known CVE vulnerabilities affecting DOMPurify with full Chinese analysis, references, and POCs where available.