CVE-2026-49978 | cure53 DOMPurify up to 3.4.5 IN_PLACE sanitization cross site scripting
A vulnerability labeled as problematic has been found in cure53 DOMPurify up to 3.4.5. This affects an unknown part of the component IN_PLACE sanitization. Such manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2026-49978. The attack can be launched remotely. No exploit exists.