Home / Vulnerabilities / Information / Out-of-date Version (DOMPurify)

Out-of-date Version (DOMPurify)

Severity: Information

Summary#

Invicti identified the target web site is using DOMPurify and detected that it is out of date. DOMPurify is a XSS sanitizer library for HTML, MathML and SVG.

Impact#

Since this is an old version of the software, it may be vulnerable to attacks.

Remediation#

Please upgrade your installation of DOMPurify to the latest stable version.

Classifications#

PCI v3.2-6.2, CAPEC-310, CWE-1035, 937, HIPAA-164.308(a)(1)(i), OWASP 2013-A9, OWASP 2017-A9, ISO27001-A.14.1.2

CWE Top 25 for 2023: Buffer overflows, XSS, SQL injection lead the pack
CWE/SANS Top 25 Software Errors for 2019
XSS filter evasion: Why filtering doesn’t stop cross-site scripting
Cross-site scripting (XSS)

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works

Related Articles

Build your resistance to threats. And save hundreds of hours each month.