Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-0540— DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML

CVSS 6.1 · Medium EPSS 0.01% · P3
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-0540

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML
Source: NVD (National Vulnerability Database)
Vulnerability Description
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like </noscript><img src=x onerror=alert(1)> in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
DOMPurify 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DOMPurify是Cure53个人开发者的一款使用JavaScript编写的,用于HTML、MathML和SVG的DOM(文档对象模型)。 DOMPurify 3.1.3至3.3.1版本和2.5.3至2.5.8版本存在安全漏洞,该漏洞源于SAFE_FOR_XML正则表达式缺少对五个原始文本元素的处理,可能导致绕过属性清理并执行跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
cure53DOMPurify 3.1.3 ~ 3.3.1 -

II. Public POCs for CVE-2026-0540

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-0540

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: DOMPurify
Same vendor: cure53
Same weakness: CWE-79

V. Comments for CVE-2026-0540

No comments yet

Leave a comment