CVE-2024-48910 - Cross Site Scripting (XSS)

Severity: None

2025-03-11

Security Advisories

Abstract

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

The Oxygen products incorporate DOMPurify as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
|---|---|---|
| Oxygen Feedback v5.0.2 and older | None | Oxygen Feedback 5.1 build 2024121116 |

Mitigation

None

Detail

CVE-2024-48910

Severity: Critical

CVSS Score: 9.1

The DOMPurify third-party library used by Oxygen XML products is an affected version mentioned in the CVE-2024-48910 vulnerability description. However, the DOMPurify features used in Oxygen products are not publicly accessible. For that reason, Oxygen products are not affected by this vulnerability.

Starting with Oxygen Feedback v5.1 build 2024121116, the DOMPurify library was updated to a version that fixes this vulnerability.
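To check a dependency tree of your own against the fixed versions named in the abstract (2.5.0 and 3.1.3), the following added example, which is not part of the original advisory or of Oxygen's code, scans an npm `package-lock.json` structure for older `dompurify` entries. The function names, the sample lockfile, and the treatment of versions outside the 2.x and 3.x lines are assumptions.

```javascript
// Added example: flag dompurify entries in an npm lockfile ("packages" map)
// that predate the fixed releases named in this advisory (2.5.0 and 3.1.3).
const FIXED = { 2: [2, 5, 0], 3: [3, 1, 3] }; // from the advisory text

// Parse "MAJOR.MINOR.PATCH"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns "affected", "fixed", or "unknown".
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  if (v[0] > 3) return "fixed";    // assumption: later major lines carry the fix
  if (v[0] < 2) return "affected"; // assumption: no fixed release below 2.x
  return lessThan(v, FIXED[v[0]]) ? "affected" : "fixed";
}

// Walk lockfile keys such as "node_modules/a/node_modules/dompurify".
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/dompurify$/.test(path)) continue;
    const status = classify(meta.version);
    if (status !== "fixed") hits.push({ path, version: meta.version, status });
  }
  return hits;
}

// Constructed sample lockfile fragment (not taken from any Oxygen product).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/dompurify": { version: "3.1.3" },
    "node_modules/widget/node_modules/dompurify": { version: "2.4.7" },
    "node_modules/legacy/node_modules/dompurify": { version: "3.0.11" },
  },
};
console.log(findAffected(sampleLock));
```

Nested copies matter here: a top-level `dompurify` at a fixed version does not upgrade the copies bundled under other packages.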
