DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 13 Feb 2025 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat logging
CPEs cpe:/a:redhat:logging:5.6::el8
cpe:/a:redhat:logging:5.8::el9
Vendors & Products Redhat logging

Wed, 27 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift_devspaces:3::el8
Vendors & Products Redhat openshift Devspaces

Fri, 22 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.14::el8

Sat, 16 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat service Mesh
CPEs cpe:/a:redhat:openshift:4.15::el8
cpe:/a:redhat:service_mesh:2.5::el8
Vendors & Products Redhat service Mesh

Wed, 13 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift:4.17::el9

Wed, 06 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift
CPEs cpe:/a:redhat:openshift:4.16::el9
Vendors & Products Redhat openshift

Thu, 31 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:9

Wed, 23 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux

Sat, 12 Oct 2024 01:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 11 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Description DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Title DOMPurify nesting-based mXSS
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-10-11T19:27:57.706Z

Reserved: 2024-10-04T16:00:09.630Z

Link: CVE-2024-47875

cve-icon Vulnrichment

Updated: 2024-10-11T19:27:51.954Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-11T15:15:05.860

Modified: 2024-10-15T12:58:51.050

Link: CVE-2024-47875

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-11T15:15:05Z

Links: CVE-2024-47875 - Bugzilla

cve-icon OpenCVE Enrichment

No data.