{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95352?format=json","vulnerability_id":"VCID-r6b8-q386-3ken","summary":"DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like </textarea> in attribute values to break out of rawtext contexts and execute JavaScript when sanitized output is placed inside rawtext elements. The 3.x branch was fixed in 3.2.7; the 2.x branch was never patched.","aliases":[{"alias":"CVE-2025-15599"},{"alias":"GHSA-v8jm-5vwx-cfxm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96318?format=json","purl":"pkg:deb/debian/node-dompurify@3.3.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.3.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96312?format=json","purl":"pkg:deb/debian/node-dompurify@3.4.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.4.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077955?format=json","purl":"pkg:deb/debian/node-dompurify@3.4.5%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.4.5%252Bdfsg-1"},{"url":"http://public2.vulnerablecode.io/api/packages/33395?format=json","purl":"pkg:npm/dompurify@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-56ww-dvtp-8uc2"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-z8n7-dz6p-zqfb"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40105?format=json","purl":"pkg:npm/dompurify@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.7"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96311?format=json","purl":"pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-5b1v-85es-t3fb"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@2.4.1%252Bdfsg%252B~2.4.0-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076430?format=json","purl":"pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-5b1v-85es-t3fb"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@2.4.1%252Bdfsg%252B~2.4.0-2%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/96314?format=json","purl":"pkg:deb/debian/node-dompurify@3.1.7%2Bdfsg%2B~3.0.5-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-5b1v-85es-t3fb"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-r6b8-q386-3ken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.1.7%252Bdfsg%252B~3.0.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1076431?format=json","purl":"pkg:deb/debian/node-dompurify@3.1.7%2Bdfsg%2B~3.0.5-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-5b1v-85es-t3fb"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-r6b8-q386-3ken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dompurify@3.1.7%252Bdfsg%252B~3.0.5-2"},{"url":"http://public2.vulnerablecode.io/api/packages/40106?format=json","purl":"pkg:npm/dompurify@2.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-56ww-dvtp-8uc2"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@2.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/33397?format=json","purl":"pkg:npm/dompurify@2.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@2.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/782475?format=json","purl":"pkg:npm/dompurify@2.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@2.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/782476?format=json","purl":"pkg:npm/dompurify@2.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@2.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/782477?format=json","purl":"pkg:npm/dompurify@2.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/40107?format=json","purl":"pkg:npm/dompurify@2.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@2.5.8"},{"url":"http://public2.vulnerablecode.io/api/packages/33396?format=json","purl":"pkg:npm/dompurify@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/782478?format=json","purl":"pkg:npm/dompurify@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/782479?format=json","purl":"pkg:npm/dompurify@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/782480?format=json","purl":"pkg:npm/dompurify@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/782481?format=json","purl":"pkg:npm/dompurify@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/782482?format=json","purl":"pkg:npm/dompurify@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/782483?format=json","purl":"pkg:npm/dompurify@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/782484?format=json","purl":"pkg:npm/dompurify@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/782485?format=json","purl":"pkg:npm/dompurify@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"},{"vulnerability":"VCID-zaud-3sc4-ykcg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/377348?format=json","purl":"pkg:npm/dompurify@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/956724?format=json","purl":"pkg:npm/dompurify@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/956725?format=json","purl":"pkg:npm/dompurify@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37xc-54fs-8fh6"},{"vulnerability":"VCID-3fxk-2qcb-jfa3"},{"vulnerability":"VCID-77rz-yewt-77cq"},{"vulnerability":"VCID-8d4n-d1dh-4fe9"},{"vulnerability":"VCID-8tpw-rcyz-xuhu"},{"vulnerability":"VCID-cmrb-k5pw-vffn"},{"vulnerability":"VCID-cv62-a95x-9uhe"},{"vulnerability":"VCID-jnpe-6ax6-zubr"},{"vulnerability":"VCID-r6b8-q386-3ken"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/dompurify@3.2.6"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15599.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15599.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15599","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10547","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10572","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12186","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12093","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-15599"},{"reference_url":"https://www.vulncheck.com/advisories/dompurify-xss-via-textarea-rawtext-bypass-in-safeforxml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.vulncheck.com/advisories/dompurify-xss-via-textarea-rawtext-bypass-in-safeforxml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444138","reference_id":"2444138","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444138"},{"reference_url":"https://github.com/cure53/DOMPurify/commit/c861f5a83fb8d90800f1680f855fee551161ac2b","reference_id":"c861f5a83fb8d90800f1680f855fee551161ac2b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T19:05:27Z/"}],"url":"https://github.com/cure53/DOMPurify/commit/c861f5a83fb8d90800f1680f855fee551161ac2b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15599","reference_id":"CVE-2025-15599","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15599"},{"reference_url":"https://github.com/cure53/DOMPurify","reference_id":"DOMPurify","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T19:05:27Z/"}],"url":"https://github.com/cure53/DOMPurify"},{"reference_url":"https://www.vulncheck.com/advisories/dompurify-xss-via-textarea-rawtext-bypass-in-safe-for-xml","reference_id":"dompurify-xss-via-textarea-rawtext-bypass-in-safe-for-xml","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-03T19:05:27Z/"}],"url":"https://www.vulncheck.com/advisories/dompurify-xss-via-textarea-rawtext-bypass-in-safe-for-xml"},{"reference_url":"https://github.com/advisories/GHSA-v8jm-5vwx-cfxm","reference_id":"GHSA-v8jm-5vwx-cfxm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8jm-5vwx-cfxm"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6b8-q386-3ken"}