CVE-2024-47875

CRITICAL

DOMPurify < 2.5.0 - Cross-Site Scripting via Nesting-Based mXSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-47875. PoCs published by roj1py.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2024-47875, an XSS vulnerability in PhpSpreadsheet's generateNavigation() function. The exploit generates malicious XLSX files with embedded JavaScript payloads in sheet names, which execute when converted to HTML.

Description

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

Exploits (1)

nomisec WORKING POC
by roj1py · poc
https://github.com/roj1py/CVE-2024-47875-PhpSpreadsheet-XSS-PoC

This repository contains a functional PoC for CVE-2024-47875, an XSS vulnerability in PhpSpreadsheet's generateNavigation() function. The exploit generates malicious XLSX files with embedded JavaScript payloads in sheet names, which execute when converted to HTML.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: PhpSpreadsheet < 2.2.2, < 2.1.2, < 1.29.4
No auth needed
Prerequisites: Target application using vulnerable PhpSpreadsheet version · Ability to upload malicious XLSX file to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 10.0
EPSS 0.0070
EPSS Percentile 72.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
cure53/dompurify < 2.5.0
npm/dompurify 0 - 2.5.0npm
Published Oct 11, 2024
Tracked Since Feb 18, 2026