DOMPurify Flaws Enable XSS Bypass Through ADD_ATTR and Prototype Pollution
Two newly disclosed flaws in DOMPurify can let attackers bypass the library’s sanitization logic and inject malicious attributes or unsafe URLs into supposedly cleaned HTML. One issue, tracked as GHSA-CJMM-F4JC-QW8R, affects deployments that use a predicate function with the ADD_ATTR configuration. If that predicate approves URI-bearing attributes such as href or src, DOMPurify can skip later mandatory safety checks, including protocol validation, allowing dangerous values such as javascript:, vbscript:, or data: to pass through and potentially trigger DOM-based cross-site scripting.
A second flaw, GHSA-CJ63-JHHR-WCXV, stems from prototype pollution when the USE_PROFILES option is enabled. In vulnerable versions, DOMPurify initializes ALLOWED_ATTR as a standard JavaScript array, allowing inherited properties from Array.prototype to influence attribute validation. An attacker able to pollute Array.prototype with entries such as onclick can cause DOMPurify to treat malicious event-handler attributes as explicitly allowed, creating another path to XSS. Together, the disclosures show that applications relying on DOMPurify may remain exposed if they use dynamic attribute approval or operate in environments where prototype pollution is possible.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
DOMPurify XSS bypass flaws are publicly disclosed
Two DOMPurify vulnerabilities were publicly disclosed: a logical flaw in ADD_ATTR predicate handling that can skip mandatory URI safety checks, and a prototype pollution issue in USE_PROFILES that can let polluted Array.prototype properties bypass attribute filtering. Both issues could allow malicious attributes or dangerous protocols to survive sanitization and lead to cross-site scripting.
Sources
2 references tracked. Mallory keeps watching after this page renders.
GHSA-CJMM-F4JC-QW8R: GHSA-CJMM-F4JC-QW8R: DOM-based XSS Bypass in DOMPurify via ADD_ATTR Predicate | CVEReports
cvereports.com
Open sourceGHSA-CJ63-JHHR-WCXV: GHSA-cj63-jhhr-wcxv: Prototype Pollution to XSS Bypass in DOMPurify USE_PROFILES | CVEReports
cvereports.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Happy DOM Code Injection and Express XSS Sanitizer Bypass Patched
Two high-severity flaws were disclosed in widely used JavaScript ecosystem packages, including a **remote code execution** issue in Happy DOM tracked as `CVE-2026-33943` and an **XSS protection bypass** in Express XSS Sanitizer tracked as `CVE-2026-33979`. In Happy DOM versions `15.10.0` through `20.8.7`, unsanitized names inside `export { }` declarations in the `ECMAScriptModuleCompiler` could be interpolated into generated code and executed, allowing arbitrary JavaScript injection through ES module scripts. The flaw is classified as `CWE-94` and was fixed in version `20.8.8`. Express XSS Sanitizer versions prior to `2.0.2` were found to mishandle restrictive `allowedTags` and `allowedAttributes` settings, causing explicitly empty configurations to be ignored and weakening intended sanitization controls. That behavior could leave applications exposed to cross-site scripting despite developers attempting to enforce strict filtering. The issue is tracked as `CVE-2026-33979`, mapped to `CWE-79` and `CWE-183`, and was corrected in version `2.0.2` by ensuring user-supplied sanitization settings are passed through as intended.
Mar 28, 2026
Stored XSS in sanitize-html Defaults via Disallowed `xmp` Tag Bypass
A vulnerability tracked as **CVE-2026-44990** allows stored cross-site scripting in `sanitize-html` when applications use the library’s default configuration and later render sanitized user content as trusted HTML. The flaw affects versions prior to **2.17.4** and stems from the handling of the disallowed `xmp` element: because `htmlparser2` treats `xmp` as a raw-text tag, attacker-supplied markup inside it is preserved as text during sanitization but can be emitted back as active HTML or JavaScript under the default `disallowedTagsMode: 'discard'` behavior. GitHub’s advisory and the upstream patch say the bypass can let payloads such as `<script>`, `img` event handlers, and `svg`-embedded script content survive filtering and execute in a victim’s browser. The fix in **2.17.4** adds `xmp` to `nonTextTags` so content inside a disallowed `xmp` tag is dropped instead of re-emitted, and regression tests were added to confirm the malicious content is removed. The issue was reported by **Vincenzo Turturro** (`sushi-gif`), and users of affected `sanitize-html` deployments, including those in **ApostropheCMS**, were urged to update immediately.
Jun 13, 2026
Client-Side Injection Flaws Expose Sessions and Sensitive Data in AVideo and dom-sanitizer
Two newly disclosed web application flaws expose users to client-side data theft through content injection. In AVideo's **TopMenu** plugin, a stored cross-site scripting issue tracked as `GHSA-GMPC-FXG2-VCMQ` carries a CVSS 3.1 score of **6.1** and allows attackers to inject JavaScript that can read `document.cookie`, steal active session tokens, and impersonate users or administrators. Because the TopMenu component is rendered globally across the application, a malicious payload can execute for all site visitors, creating broad exposure and enabling follow-on attacks such as credential harvesting and fake login prompts. A separate issue in `rhukster/dom-sanitizer`, tracked as `GHSA-93VF-569F-22CQ`, allows **CSS injection** through SVG `style` tags and is rated **4.7** under CVSS 3.1. The flaw can be exploited remotely without authentication when a victim renders a crafted SVG in a browser, potentially disclosing the victim's IP address, browser details, exact page URL, and sensitive DOM-resident data such as CSRF tokens or partial session identifiers. While the sanitizer flaw does not directly alter server-side state or disrupt availability, both disclosures highlight how server-side handling of untrusted content can be turned into browser-based theft of session and application data.
Apr 11, 2026