CRITICAL🇵🇱 Wersja polska

CVE-2024-48910

CVSS 9.1v3.1pub. 2024-10-31upd. 2025-11-03

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Cure53 Dompurify

    APP
    Cure53
    < 2.4.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-47875CRITICAL10.0PL ✓ten sam produkt

DOMPurify — podatność mXSS oparta na zagnieżdżaniu znaczników

CVE-2024-45801HIGH7.3ten sam produkt

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discove...

CVE-2026-41240MEDIUM6.0ten sam produkt

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have...

CVE-2025-15599MEDIUM5.1ten sam produkt

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows...

CVE-2026-0540MEDIUM5.3ten sam produkt

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting...