View all vulnerabilities

CVE-2024-47875

DOMpurify has a nesting-based mXSS

DOMpurify was vulnerable to nesting-based mXSS fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and[merge 943](https://github.com/cure53/DOMPurify/pull/943)Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-pickingPOC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
10
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Affected Versions
dompurify < 2.5.0; dompurify >= 3.0.0 < 3.1.3
Severity
Ecosystem
JavaScript
Publish Date
October 11, 2024
Modified Date
October 11, 2024