Out-of-date Version (DOMPurify)

Summary #

Netsparker identified the target web site is using DOMPurify and detected that it is out of date. DOMPurify is a XSS sanitizer library for HTML, MathML and SVG.

Impact #

Since this is an old version of the software, it may be vulnerable to attacks.

Remediation #

Please upgrade your installation of DOMPurify to the latest stable version.

Classifications #

PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, CWE-829, HIPAA-829, ISO27001-A.14.1.2, OWASP PC-C1, OWASP 2013-A9, OWASP 2017-A9

Netsparker Security Insights #

Separating Subdomains From Third-Party Hosted WWW Domains
Analyzing Impact of WWW Subdomain on Cookie Security
DOM Based Cross-site Scripting Vulnerability

Helpful Use Cases #

Knowing and Preventing DOM-based XSS