Aggregates CVE and security vulnerability intelligence across all getbrave-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting and vendor risk csrf, with potential vendor impact session compromise across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-43337 | Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0. | [email protected] | 4.3 | 0.15% | 2024-08-26 | 2024-08-27 |
| CVE-2024-35655 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave brave-popup-builder allows DOM-Based XSS.This issue affects Brave: from n/a through <= 0.6.9. | [email protected] | 5.9 | 0.11% | 2024-06-04 | 2026-04-23 |
| CVE-2023-51534 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2. | [email protected] | 5.9 | 0.05% | 2024-02-01 | 2026-04-28 |