{"id":"GHSA-pgjv-jrg2-gq3v","summary":"dompurify vulnerable to Cross-site Scripting","details":"dompurify versions prior to 2.2.2 are vulnerable to cross-site scripting (XSS) when converting from the SVG namespace.","modified":"2023-01-11T23:47:05Z","published":"2023-01-11T23:47:05Z","database_specific":{"github_reviewed_at":"2023-01-11T23:47:05Z","github_reviewed":true,"nvd_published_at":null,"cwe_ids":[],"severity":"MODERATE"},"references":[{"type":"WEB","url":"https://github.com/cure53/DOMPurify/issues/482"},{"type":"PACKAGE","url":"https://github.com/cure53/DOMPurify"},{"type":"WEB","url":"https://github.com/cure53/DOMPurify/releases/tag/2.2.2"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-1035544"}],"affected":[{"package":{"name":"dompurify","ecosystem":"PyPI","purl":"pkg:pypi/dompurify"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.2"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-pgjv-jrg2-gq3v/GHSA-pgjv-jrg2-gq3v.json"}}],"schema_version":"1.7.3"}