CVE-2024-47875

DOMPurify has a nesting-based mXSS

Description

DOMPurify was vulnerable to nesting-based mXSS (mutation XSS).

Fixed by 0ef5e537 (2.x) and merge 943.

Backporters should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking.

A PoC is available under test.

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Score: 10
Severity: Critical
Ecosystem: JavaScript
Publish Date: October 11, 2024
Modified Date: February 3, 2026
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Affected Versions