CVE-2026-49459정보

요약

\~에 의해 MITRE • 2026. 07. 15.

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(root, { IN_PLACE: true }) could preserve event-handler attributes on an attacker-controlled root when a descendant name clobbered properties checked by _isClobbered, because _forceRemove no-opped on the parent-less root and _sanitizeAttributes returned early. This issue is fixed in version 3.4.6.

Be aware that VulDB is the high quality source for vulnerability data.

출처

Do you need the next level of professionalism?

Upgrade your account now!