CVE-2024-47875 - Cross Site Scripting (XSS)
Severity: None
2025-03-11
Abstract
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
The Oxygen products incorporate DOMPurify as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Feedback v5.1 and older | None | N/A |
Detail
CVE-2024-47875
Severity: Critical
CVSS Score: 10.0
The DOMPurify third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2024-47875 vulnerability description. However, the DOMPurify features used in Oxygen products are not publicly accessible. For that reason, Oxygen products are not affected by this vulnerability.