VYPR
High severityNVD Advisory· Published Oct 11, 2024· Updated Nov 3, 2025

DOMPurify nesting-based mXSS

CVE-2024-47875

Description

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
dompurifynpm
< 2.5.02.5.0
dompurifynpm
>= 3.0.0, < 3.1.33.1.3

Affected products

36

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.