CVE-2024-48910 - Cross Site Scripting (XSS)
Severity: None
2025-03-11
Abstract
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
The Oxygen products incorporate DOMPurify as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Feedback v5.0.2 and older | None | Oxygen Feedback 5.1 build 2024121116 |
Detail
CVE-2024-48910
Severity: Critical
CVSS Score: 9.1
The DOMPurify third-party library used by Oxygen XML products is an affected version mentioned in the CVE-2024-48910 vulnerability description. However, the DOMPurify features used in Oxygen products are not publicly accessible. For that reason, Oxygen products are not affected by this vulnerability.
Starting with Oxygen Feedback v5.1 build 2024121116, the DOMPurify library was updated to a version that fixes this vulnerability.
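To check which DOMPurify copies a JavaScript build actually bundles against the fixed releases named in the abstract (2.5.0 and 3.1.3), the following added example (not Oxygen's or DOMPurify's own code) walks the `packages` map of an npm `package-lock.json`. The lockfile fragment is constructed, and the rule that a version below the fixed release of its major line counts as affected is an assumption; other major lines are marked for manual review.

```javascript
// Added example, not from the advisory. Fixed releases are the ones it names.
const FIXED = { 2: [2, 5, 0], 3: [3, 1, 3] };

// Parse "MAJOR.MINOR.PATCH" (any pre-release/build suffix is ignored); null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Assumption: below the fixed release of its major line means affected.
// The advisory lists fixes only for 2.x and 3.x, so other majors need manual review.
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  const fixed = FIXED[v[0]];
  if (!fixed) return "review";
  return compare(v, fixed) < 0 ? "affected" : "fixed";
}

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and
// return every dompurify copy, nested ones included, with its status.
function findDompurify(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/dompurify" || path.endsWith("/node_modules/dompurify")) {
      hits.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile fragment (package names other than dompurify are hypothetical).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/dompurify": { version: "3.1.3" },
  "node_modules/editor-widget/node_modules/dompurify": { version: "2.4.7" },
  "node_modules/dompurify-helper": { version: "1.0.0" },
}};

console.log(findDompurify(sampleLock));
```

Nested copies matter here: a top-level upgrade does not replace a DOMPurify version pinned inside another dependency's own `node_modules`.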