Vulnerabilidades em Cure53
10 resultadosCVE-2024-48910CRITICALDOMPurify vulnerable to tampering by prototype polutionEPSS 1.2%CVE-2024-47875CRITICALDOMPurify nesting-based mXSSEPSS 1.1%CVE-2024-45801HIGHTampering by prototype polution in DOMPurifyEPSS 0.8%CVE-2025-26791MEDIUMDOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).EPSS 0.6%CVE-2025-48050HIGHIn DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory.EPSS 0.4%CVE-2026-0540MEDIUMDOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XMLEPSS 0.3%CVE-2026-41240MEDIUMDOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)EPSS 0.3%CVE-2025-15599MEDIUMDOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XMLEPSS 0.2%CVE-2026-41239MEDIUMDOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM modeEPSS 0.2%CVE-2026-41238MEDIUMDOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING FallbackEPSS 0.2%