CVE-2024-47875

CRITICAL Year: 2024
CVSS v3 Score
10.0
Critical
Weakness Type
CWE-79
View all →

Vulnerability Description

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

Related Vulnerabilities

CVE-2021-32671

CRITICAL
CVSS:10.0(Critical)

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 ...

CWE-792021

CVE-2023-0776

CRITICAL
CVSS:10.0(Critical)

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Comman...

CWE-792023

CVE-2019-13478

CRITICAL
CVSS:9.9(Critical)

The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.

CWE-792019

CVE-2020-7741

CRITICAL
CVSS:9.9(Critical)

This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payload...

CWE-792020

CVE-2021-42940

CRITICAL
CVSS:9.9(Critical)

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.

CWE-792021

CVE-2022-1571

CRITICAL
CVSS:9.9(Critical)

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cooki...

CWE-792022