CVE-2024-47875 — AI Deep Analysis Summary

🚨 **Essence**: DOMPurify (v2.5.0 & v3.1.3) has an **XSS flaw**. 🚫 **Consequences**: Malicious scripts execute in the browser. 💥 **Impact**: High integrity/availability loss, low confidentiality. Users' data is at risk.

🛡️ **CWE-79**: Cross-site Scripting. 🐛 **Flaw**: DOMPurify fails to sanitize input properly. 📉 **Result**: Allows malicious JavaScript injection into the DOM. 🧹 **Core Issue**: The sanitizer logic is bypassed.

🏢 **Vendor**: Cure53. 📦 **Product**: DOMPurify. 📅 **Affected**: Versions **< 2.5.0** AND **< 3.1.3**. 📉 **Note**: PhpSpreadsheet also affected via DOMPurify usage. 📋 **Check**: Your library version!

🕵️ **Hackers Can**: Inject arbitrary JS. 🍪 **Steal**: Cookies, sessions, sensitive data. 🔄 **Actions**: Perform actions on behalf of users. 📤 **Exfiltrate**: Data to external servers.…

🔓 **Auth**: None required (PR:N). 🖱️ **UI**: None required (UI:N). 🌐 **Network**: Remote (AV:N). 📊 **Complexity**: Low (AC:L). ⚡ **Threshold**: **VERY LOW**. Easy to exploit remotely.

🔥 **Yes, Public Exploits Exist**. 💻 **PoCs Available**: GitHub repos linked. 📂 **Specifics**: PhpSpreadsheet XSS PoC is public. 🌍 **Wild Exploitation**: Possible due to low barrier. ⚠️ **Risk**: High immediate threat.

🔍 **Check**: Scan for DOMPurify versions. 📦 **Dependency Audit**: Check `package.json` or `composer.json`. 🧪 **Test**: Use provided PoCs in isolated env. 📊 **Scanner**: Look for CWE-79 in HTML sanitizers.…

✅ **Fixed**: Yes. 📥 **Patch**: Upgrade to **DOMPurify ≥ 2.5.0** OR **≥ 3.1.3**. 🔗 **Ref**: Cure53 GitHub commits. 🔄 **Action**: Update immediately. 🛡️ **Official Fix**: Available via npm/composer.

🚧 **No Patch?**: Implement strict CSP. 🚫 **Block**: Inline scripts. 🧹 **Sanitize**: Custom input validation. 🛑 **Disable**: Unsafe DOMPurify features. 📝 **Monitor**: Log for XSS attempts.…

🔴 **Priority**: **HIGH**. 🚨 **Urgency**: Critical due to low exploit threshold. 📉 **CVSS**: High impact (I:H, A:H). ⏳ **Time**: Patch ASAP. 🛡️ **Recommendation**: Immediate update required.