Out-of-date Version (DOMPurify)

Summary

Netsparker identified the target web site is using DOMPurify and detected that it is out of date. DOMPurify is a XSS sanitizer library for HTML, MathML and SVG.

Impact

Since this is an old version of the software, it may be vulnerable to attacks.

Remediation

Please upgrade your installation of DOMPurify to the latest stable version.

Classifications

PCI v3.1-6.2, PCI v3.2-6.2, CAPEC-310, CWE-829, HIPAA-829, ISO27001-A.14.1.2, OWASP PC-C1, OWASP 2013-A9, OWASP 2017-A9

Netsparker Security Insights

Separating Subdomains From Third-Party Hosted WWW Domains
Analyzing Impact of WWW Subdomain on Cookie Security
DOM Based Cross-site Scripting Vulnerability

Helpful Use Cases

Knowing and Preventing DOM-based XSS