Severity: None2025-03-11
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
The Oxygen products incorporate DOMPurify as a third-party libraries. This advisory was opened to address the potential impact of this third-party libraries vulnerability.
| Product | Severity | Fixed Release Availability |
| Oxygen Feedback v5.1 and older | None | N/A |
CVE-2024-47875
Severity: Critical
CVSS Score: 10.0
The DOMPurify third-party libraries used by Oxygen XML products are an affected version mentioned in CVE-2024-47875 vulnerability description. However, DOMPurify features used in Oxygen products are not publicaly accessible. For that reason Oxygen products are not affected by this vulnerability.
This website was created & generated with <oXygen/>®XML Editor
