XSS Vulnerability in DOMPurify Affecting Security Measures
CVE-2024-45801
What is CVE-2024-45801?
A security flaw has been identified in DOMPurify, a widely used HTML, MathML, and SVG sanitizer. Malicious HTML can use deeply nested markup to bypass the nesting-depth check introduced in recent releases. An attacker may also combine this with prototype pollution to further undermine these defenses, enabling cross-site scripting (XSS). Users of DOMPurify are strongly advised to upgrade to the fixed releases, 2.5.4 and 3.1.3, because there are no known workarounds.
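Since the only remediation is upgrading, the first practical check is whether an installed DOMPurify is below the fixed release on its major line. The following is an added example, not code from DOMPurify or the advisory; it assumes the two fixed versions named above and treats release lines older than 2.x as affected (an assumption, since the advisory names no fix for them).

```javascript
// Fixed versions named in the advisory, keyed by major release line.
// Versions below these on the same line are affected by CVE-2024-45801.
const FIXED_VERSIONS = { 2: "2.5.4", 3: "3.1.3" };

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"; pre-release or build
// suffix ignored) into a numeric triple; throws on malformed input.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison of two version strings: negative if a < b,
// zero if equal, positive if a > b (so "2.10.0" sorts after "2.5.4").
function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] - y[i];
  }
  return 0;
}

// True when the installed version is below the fix on its major line.
// Assumption: lines older than 2.x have no fix and are reported as
// affected; lines newer than 3.x are assumed to carry the fix.
function isAffectedByCVE202445801(installed) {
  const major = parseVersion(installed)[0];
  if (major < 2) return true;
  if (major > 3) return false;
  return compareVersions(installed, FIXED_VERSIONS[major]) < 0;
}

// Typical use: feed it the version from package.json, the lockfile, or
// DOMPurify.version at runtime. The inputs below are constructed samples.
for (const v of ["2.4.7", "2.5.4", "3.0.11", "3.1.3", "v3.2.0-beta.1"]) {
  console.log(v, isAffectedByCVE202445801(v) ? "AFFECTED" : "fixed");
}
```

Run it against every copy in the dependency tree (transitive copies included), not just the top-level package.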
