CVE-2024-47875: DOMPurify nesting-based mXSS
Published Oct 11, 2024
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
Affected Software
5 affected components (fixes available)
npm/dompurify: >=3.0.0 <3.1.3 (fixed in 3.1.3)
npm/dompurify: <2.5.0 (fixed in 2.5.0)
Cure53 DOMPurify: <2.5.0
Cure53 DOMPurify: >=3.0.0 <3.1.3
IBM watsonx.data intelligence: <=5.2.0, 5.2.1, 5.3.0, 5.3.1
Event History
Oct 11, 2024
- CVE Published via MITRE, 02:59 PM
- Data Sourced via MITRE, 02:59 PM (Description, Severity, Weakness)
- Data Sourced via NVD, 03:15 PM (Description, Severity, Weakness)
- Data Sourced via NVD, 03:15 PM (Remedy, Affected Software)
- Data Sourced via Red Hat, 03:20 PM (Description, Severity, Affected Software)
- Advisory Published via GitHub, 05:27 PM
Apr 27, 2026
- Data Sourced via IBM, 12:00 AM (Description, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2024-47875?
The severity of CVE-2024-47875 is classified as high due to its potential for cross-site scripting attacks.
2. How do I fix CVE-2024-47875?
To fix CVE-2024-47875, update DOMPurify to version 2.5.0 or later (2.x line) or 3.1.3 or later (3.x line).
3. What type of vulnerability is CVE-2024-47875?
CVE-2024-47875 is a nesting-based mXSS vulnerability affecting the DOMPurify library.
4. What versions of DOMPurify are affected by CVE-2024-47875?
CVE-2024-47875 affects DOMPurify versions between 3.0.0 and 3.1.2, as well as versions below 2.5.0.
5. Is CVE-2024-47875 a critical vulnerability?
Yes, CVE-2024-47875 is considered a critical vulnerability due to the risk of executing malicious scripts.