Out-of-date Version (DOMPurify)

Summary #

Netsparker identified the target web site is using DOMPurify and detected that it is out of date. DOMPurify is a XSS sanitizer library for HTML, MathML and SVG.

Impact #

Since this is an old version of the software, it may be vulnerable to attacks.

Remediation #

Please upgrade your installation of DOMPurify to the latest stable version.

Classifications #

PCI v3.1-6.2; PCI v3.2-6.2; CAPEC-310; CWE-937, 1035; HIPAA-164.308(a)(1)(i); ISO27001-A.14.1.2; OWASP PC-C1; OWASP 2013-A9; OWASP 2017-A9

Netsparker Security Insights #

Separating Subdomains From Third-Party Hosted WWW Domains
Analyzing Impact of WWW Subdomain on Cookie Security
DOM Based Cross-site Scripting Vulnerability

Helpful Use Cases #

Knowing and Preventing DOM-based XSS