Description

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

Remediation

References

CVE-2024-47875

Related Vulnerabilities

WordPress Plugin TAuto Poster includes Backdoor [Only if downloaded via the vendor website] (1.4.5)

WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Upload (4.16.1)

WordPress 4.7.x Possible SQL Injection Vulnerability (4.7 - 4.7.6)

Oracle Application Server Other Vulnerability (CVE-2002-0840)

WordPress Plugin CommentLuv Cross-Site Scripting (2.92.3)

Severity

Medium

Classification

CVE-2024-47875 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities