20 matches found

EUVD
added 2026/05/20 12:31 a.m., 7 views

EUVD-2026-30997

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

AI score: 5.8, EPSS: 0.00033
Exploits: 0, References: 2
NVD
added 2026/05/19 11:16 p.m., 7 views

CVE-2026-6095

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

CVSS: 6.1, EPSS: 0.00033
Exploits: 0, References: 1
CVE
added 2026/05/19 10:26 p.m., 11 views

CVE-2026-6095

The CVE-2026-6095 issue affects Orejime (0.0.0 to 2.0.15) and is a Cross-site Scripting (XSS) vulnerability caused by Improper Neutralization of Input During Web Page Generation, specifically the IframeConsent element writing HTML attributes without escaping. This can allow malicious input to inj...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00033
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/05/19 10:26 p.m., 5 views

CVE-2026-6095 Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

AI score: 5.8, EPSS: 0.00033
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/19 10:26 p.m., 6 views

CVE-2026-6095

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

AI score: 5.8, EPSS: 0.00033
Exploits: 0, References: 2
Cvelist
added 2026/05/19 10:26 p.m., 31 views

CVE-2026-6095 Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16...

EPSS: 0.00033
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 7 views

Drupal Orejime cross-site scripting vulnerability

Drupal Orejime is a Drupal privacy and cookie consent management module developed by the Drupal company. Versions of Drupal Orejime prior to 2.0.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during the web page generation process, which could le...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00033
Exploits: 0, References: 1
Positive Technologies
added 2026/04/08 12:0 a.m., 4 views

PT-2026-33239

Name of the Vulnerable Software and Affected Versions: Drupal Orejime versions 0.0.0 through 2.0.15. Description: Improper neutralization of input during web page generation allows Cross-Site Scripting (XSS). The IframeConsent element writes HTML attributes without escaping their values. An attacker...

AI score: 5.9, EPSS: 0.00033
Exploits: 0, References: 3
Drupal
added 2026/04/08 12:0 a.m., 8 views

Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032

The IframeConsent element writes HTML attributes without escaping their value. This module has an XSS vulnerability. If an attacker is able to write an tag, they may be able to insert arbitrary JavaScript. This vulnerability is mitigated by the fact that a text format that allows iframe-consent HT...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00033
Exploits: 0, References: 1
Veracode
added 2026/02/25 8:6 a.m., 4 views

Cross-site Scripting (XSS)

Orejime is vulnerable to cross-site scripting (XSS). The vulnerability is due to Orejime converting data- attributes into active attributes (e.g., data-href → href) without sanitization, which allows an attacker to execute malicious javascript: code if they can inject HTML into the page...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00025
Exploits: 0, References: 4, Affected Software: 1
RedhatCVE
added 2025/12/20 5:12 p.m., 3 views

CVE-2025-68457

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

CVSS: 6.3, AI score: 6.9, EPSS: 0.00025
Exploits: 0, References: 1
EUVD
added 2025/12/19 7:17 p.m., 4 views

EUVD-2025-204585

Orejime has executable code in HTML attributes...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00025
Exploits: 0, References: 4
OSV
added 2025/12/19 7:17 p.m., 0 views

GHSA-72MH-HGPM-6384 Orejime has executable code in HTML attributes

Impact: On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones (i.e. data-href into href), thus executing the code. This shouldn't have any...

CVSS: 6.1, AI score: 6.9, EPSS: 0.00025
Exploits: 0, References: 5
Github Security Blog
added 2025/12/19 7:17 p.m., 5 views

Orejime has executable code in HTML attributes

Impact: On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones (i.e. data-href into href), thus executing the code. This shouldn't have any...

CVSS: 6.1, AI score: 7, EPSS: 0.00025
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2025/12/19 5:43 p.m., 3 views

Cross-site Scripting (XSS)

Overview: orejime is a lightweight and accessible consent manager. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the process that transforms data-href attributes into href attributes. An attacker can execute arbitrary JavaScript code by injecting malicious HTML...

CVSS: 6.3, AI score: 5.3, EPSS: 0.00025
Exploits: 0, References: 2
NVD
added 2025/12/19 5:15 p.m., 3 views

CVE-2025-68457

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

CVSS: 6.1, EPSS: 0.00025
Exploits: 0, References: 3
CVE
added 2025/12/19 4:40 p.m., 7 views

CVE-2025-68457

CVE-2025-68457 affects Orejime prior to version 2.3.2. The issue arises when HTML elements managed by Orejime contain embedded javascript: code within data attributes. During consent related processing, Orejime converts data attributes (e.g., data-href) into unprefixed attributes (e.g., href), al...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00025
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/12/19 4:40 p.m., 1 views

CVE-2025-68457 Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

CVSS: 2.3, AI score: 6.8, EPSS: 0.00025
Exploits: 0, References: 5
Vulnrichment
added 2025/12/19 4:40 p.m., 2 views

CVE-2025-68457 Orejime has executable code in HTML attributes

Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...

CVSS: 2.3, AI score: 6.6, EPSS: 0.00025
Exploits: 0, References: 3
CNNVD
added 2025/12/19 12:0 a.m., 1 views

Orejime cross-site scripting vulnerability

Orejime is an open source user consent management tool from Boscop. A cross-site scripting vulnerability exists in Orejime versions prior to 2.3.2, which stems from embedded javascript code in the data attribute and could lead to the execution of malicious code...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00025
Exploits: 0, References: 4