
CVE-2020-26870:
Cross-site Scripting in dompurify

CVSS Score
6.1 (CVSS 3.1)

Basic Information

EPSS Score
0.5207%
Published
12/18/2020
Updated
2/1/2023
KEV Status
No
Technology
JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name
dompurify
Ecosystem
npm
Vulnerable Versions
< 2.0.17
First Patched Version
2.0.17
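The affected range above is only useful if you can find every copy of the package in a dependency tree, including nested copies that a transitive dependency pins to an old version. The script below is an added example (not Miggo's or DOMPurify's code) that scans a package-lock.json "packages" map (lockfile v2/v3 layout) for dompurify entries below the first patched version, 2.0.17. The lockfile contents, the "legacy-editor" dependency and the "app" name are constructed sample data; the version comparison assumes plain release versions without pre-release tags.

```javascript
// Added example: report every dompurify copy in a lockfile that is older
// than the first patched version. Not part of the original page.
'use strict';

const PACKAGE = 'dompurify';
const FIRST_PATCHED = '2.0.17';

// Compare two dotted numeric versions: negative if a < b, 0 if equal, positive if a > b.
// Assumption: release versions only (pre-release suffixes such as -rc.1 are not modelled).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return [{ path, version }] for every dompurify entry older than FIRST_PATCHED.
// Lockfile v2/v3 keys look like "node_modules/dompurify" for the hoisted copy and
// "node_modules/<dep>/node_modules/dompurify" for a nested copy.
function findVulnerableCopies(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/' + PACKAGE)) continue; // exact package name only
    if (compareVersions(entry.version, FIRST_PATCHED) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: a patched hoisted copy plus an old nested copy
// pulled in by a hypothetical dependency "legacy-editor". The entry
// "dompurify-sibling" is a name-prefix collision that must not match.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'app', dependencies: { dompurify: '^2.0.17', 'legacy-editor': '1.0.0' } },
    'node_modules/dompurify': { version: '2.0.17' },
    'node_modules/legacy-editor': { version: '1.0.0', dependencies: { dompurify: '2.0.16' } },
    'node_modules/legacy-editor/node_modules/dompurify': { version: '2.0.16' },
    'node_modules/dompurify-sibling': { version: '0.1.0' },
  },
};

console.log(findVulnerableCopies(SAMPLE_LOCK));
```

The hoisted copy being patched is not enough: the nested 2.0.16 under legacy-editor is the one that would be bundled into any code importing dompurify from that dependency, which is why the scan walks every key rather than only the top-level entry.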

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from an incomplete element list in the mXSS (mutation XSS) protection check inside createDOMPurify(). The commit diff for 2.0.17 adds 'table' to the querySelectorAll() check applied to SVG and MathML subtrees, so an SVG or MathML element containing a <table> is now treated as suspect alongside the cases the check already covered. This matches the CVE description: a serialize-parse roundtrip does not necessarily return the original DOM tree, and nested FORM elements can end up in a different namespace (HTML to MathML) after the roundtrip; the test fixture added with the patch demonstrates the same effect via <table> elements. The check was bypassable because its element list did not cover every element whose nesting the parser rewrites in this way.
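To make the shape of such a check concrete, here is an added example (not DOMPurify's own code) of a structural "namespace confusion" check of the kind the fix extends. It runs on a DOM-like tree, which is what a sanitizer sees after the browser has parsed the markup, rather than on raw text; the trees are built by hand with el() and are constructed test data. The page confirms only that FORM was already in the element list and that 'table' was added, so the list below contains exactly those two; which further elements belong there is an assumption the reader has to make from the library's own source. Attributes, text nodes and void elements are out of scope for this toy tree.

```javascript
// Added example: detect and strip svg/math subtrees that enclose HTML-only
// elements (the mXSS pattern behind CVE-2020-26870). Not DOMPurify's code.
'use strict';

// Elements that switch the parser into a foreign (non-HTML) namespace.
const FOREIGN_ROOTS = new Set(['svg', 'math']);

// HTML elements whose presence inside svg/math is treated as an mXSS attempt.
// The page confirms 'form' (already checked) and 'table' (added by the fix);
// anything beyond these two is an assumption left to the reader.
const HTML_ONLY_IN_FOREIGN = new Set(['form', 'table']);

// Minimal element builder: el('math', el('mtext', el('form'))).
function el(tag, ...children) {
  return { tag: tag.toLowerCase(), children };
}

// Does `node` have a descendant whose tag is in `tags`? (querySelectorAll-like)
function hasDescendant(node, tags) {
  return node.children.some((c) => tags.has(c.tag) || hasDescendant(c, tags));
}

// Return the svg/math roots that enclose a suspicious HTML element.
function findNamespaceConfusion(root) {
  const hits = [];
  const walk = (node) => {
    if (FOREIGN_ROOTS.has(node.tag) && hasDescendant(node, HTML_ONLY_IN_FOREIGN)) {
      hits.push(node);
      return; // whole subtree is dropped later; no need to descend further
    }
    node.children.forEach(walk);
  };
  walk(root);
  return hits;
}

// Drop every flagged svg/math subtree outright (no attempt to repair its
// contents, since the roundtrip may rewrite them) and return the cleaned tree.
function stripNamespaceConfusion(node) {
  if (FOREIGN_ROOTS.has(node.tag) && hasDescendant(node, HTML_ONLY_IN_FOREIGN)) {
    return null;
  }
  return {
    tag: node.tag,
    children: node.children.map(stripNamespaceConfusion).filter(Boolean),
  };
}

// Serialise a tree back to markup (tags only; the '#root' wrapper is omitted).
function serialize(node) {
  const inner = node.children.map(serialize).join('');
  return node.tag === '#root' ? inner : `<${node.tag}>${inner}</${node.tag}>`;
}

// Constructed sample: a second FORM sitting inside MathML text under an outer
// FORM, the nesting the CVE description calls out.
const SUSPICIOUS = el('#root',
  el('form', el('math', el('mtext', el('form', el('label'))))),
  el('p'));

// Constructed sample: ordinary HTML form plus an SVG with only SVG content.
const BENIGN = el('#root', el('form', el('label')), el('svg', el('circle')));

function demo() {
  return {
    suspiciousHits: findNamespaceConfusion(SUSPICIOUS).length,
    suspiciousCleaned: serialize(stripNamespaceConfusion(SUSPICIOUS)),
    benignHits: findNamespaceConfusion(BENIGN).length,
    benignCleaned: serialize(stripNamespaceConfusion(BENIGN)),
  };
}

console.log(demo());
```

The design choice worth noting is that the whole svg/math root is removed rather than just the offending form or table: once the parser's namespace handling has been confused, the surrounding foreign-content subtree is exactly the part whose serialized form cannot be trusted to reparse the same way, so repairing it in place would reintroduce the class of bug the check exists to stop.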


WAF Protection Rules

WAF Rule

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
