Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/08 8:1 p.m.38 views

CVE-2026-44541 Fides: DOM-based XSS vulnerability in fides.js via fides_description override

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

7CVSS0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 8:1 p.m.11 views

EUVD-2026-35201

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

7CVSS5.4AI score0.00297EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 8:1 p.m.9 views

CVE-2026-44541

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

7CVSS5.3AI score0.00297EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/08 8:1 p.m.25 views

CVE-2026-44541

CVE-2026-44541 affects Fides, an open-source privacy engineering platform. A DOM-based XSS exists in the client-side script fides.js when HTML-formatted descriptions are enabled, reachable from version 2.33.0 up to before 2.84.5. The vulnerability is triggered via the fides_description override, ...

7CVSS5.3AI score0.00297EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 8:1 p.m.4 views

CVE-2026-44541 Fides: DOM-based XSS vulnerability in fides.js via fides_description override

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fidesdescription override. This issue has been patched in version 2.84.5...

7CVSS5.9AI score0.00297EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/14 7:4 p.m.16 views

ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override

Summary fides.js is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the...

7CVSS6AI score0.00297EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder