| name | DOMPurify library with known vulnerabilities | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| severity | low | ||||||||||
| cvss-score | 4.8 | ||||||||||
| cvss-vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | ||||||||||
| cwe-id | CWE-1035 | ||||||||||
| cwe-name | OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities | ||||||||||
| compliance |
|
The application uses an outdated version of the DOMPurify library, which has known vulnerabilities.
{% tabs dompurify-library-with-known-vulnerabilities %} {% tab dompurify-library-with-known-vulnerabilities generic %} To fix this issue, please update DOMPurify to the latest available version on its official website.
Do not forget to update all the DOMPurify files you have on the server. {% endtab %}
{% endtabs %}