The Network · 2026-03-05 10:42:52 · ai
A medium-severity Cross-Site Scripting (XSS) bypass vulnerability exists in DOMPurify versions 3.1.3 through 3.3.1. The vulnerability, tracked as CVE-2026-0540 and GHSA-v2wj-7wpq-c8vv, affects the library's `SAFE_FOR_XML` sanitization mode. The flaw stems from missing protection for five rawtext HTML elements (`noscrip...
The Lab · 2026-03-25 20:27:22 · GitHub Issues
A critical security vulnerability in DOMPurify, a widely used HTML sanitization library, has been patched after exposing countless web applications to cross-site scripting (XSS) attacks. The flaw, tracked as CVE-2026-0540, allowed attackers to bypass the library's core security filters by exploiting a specific oversigh...
The Lab · 2026-04-08 00:27:01 · GitHub Issues
A critical sanitization bypass in the widely used DOMPurify library has been identified, exposing applications like closenow.ai to cross-site scripting (XSS) attacks. The vulnerability, tracked as CVE-2026-0540, stems from a flawed regular expression that fails to properly sanitize five specific rawtext HTML elements: ...
The Lab · 2026-04-08 17:27:23 · GitHub Issues
A critical cross-site scripting (XSS) vulnerability in the widely used DOMPurify HTML sanitization library has been patched, forcing a mandatory update for thousands of dependent applications. The flaw, tracked as CVE-2026-0540, allowed attackers to bypass the library's core security filters by exploiting a specific ov...