DOMPurify (344), XSS Bypass via selectedcontent Re-cloning – GHSA-87xg-pxx2-7hvx (Medium severity) -DC-Jun2026-56

Listen to this Post

The vulnerability arises from the interaction between the browser’s handling of the `` element and DOMPurify’s sanitisation walk.
When DOMPurify 3.4.4 receives an HTML string containing a ` Always active

Preferences
Statistics
Marketing
View preferences
Scroll to Top