8 matches found

NVD
added 2025/07/03 5:15 p.m. | 6 views

CVE-2025-48939

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...

4.2 CVSS | 0.00176 EPSS
Exploits 1 | References 2
CVE
added 2025/07/03 4:26 p.m. | 22 views

CVE-2025-48939

CVE-2025-48939 concerns tarteaucitron.js where, before version 1.22.0, code accessed document.currentScript without validating it was a real script element. An attacker injecting HTML could cause DOM clobbering, potentially changing the script path (e.g., CDN domain). The issue stems from some...

4.2 CVSS | 6.3 AI score | 0.00176 EPSS
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2025/07/03 12:00 a.m. | 4 views

tarteaucitron.js security vulnerability

tarteaucitron.js is a cookie manager by individual developer Amauri CHAMPEAUX. A security vulnerability exists in tarteaucitron.js versions prior to 1.22.0, which stems from a failure to validate that document.currentScript references an actual script element, which could result in a script pa...

4.2 CVSS | 6.4 AI score | 0.00176 EPSS
Exploits 1 | References 2
OSV
added 2025/03/03 7:15 a.m. | 4 views

UBUNTU-CVE-2024-53382

Prism aka PrismJS through 1.29.0 allows DOM Clobbering with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript, because document.currentScript lookup can be shadowed by attacker-injected HTML elements...

5.4 CVSS | 7.1 AI score | 0.00293 EPSS
Exploits 1 | References 2
Snyk
added 2025/03/03 6:47 a.m. | 3 views

Arbitrary Code Injection

Overview: org.webjars.npm:prismjs is a lightweight, robust, elegant syntax highlighting library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the document.currentScript lookup process. An attacker can manipulate the web page content and execute unintended action...

5.4 CVSS | 7.3 AI score | 0.00293 EPSS
Exploits 1 | References 2
SUSE CVE
added 2025/01/18 3:54 a.m. | 1 views

SUSE CVE-2024-45812

Vite is a frontend build tooling framework for JavaScript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptle...

6.4 CVSS | 6.2 AI score | 0.00636 EPSS
Exploits 0 | References 3
Veracode
added 2024/09/21 5:11 a.m. | 12 views

Cross Site Scripting (XSS)

Vite is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of the document.currentScript lookup in Vite's script imports for cjs, iife, or umd output formats. It allows attackers to manipulate DOM elements, such as using unsanitized attributes in HTML tags, to...

6.4 CVSS | 6.2 AI score | 0.00636 EPSS
Exploits 0 | References 11 | Affected Software 1
OSV
added 2024/09/03 7:33 p.m. | 5 views

GHSA-GPRJ-6M2F-J9HX DOM clobbering could escalate to Cross-site Scripting (XSS)

Pagefind initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script you load. This information is gathered by looking up the value of document.currentScript.src. It is possible to "clobber" this lookup with otherwise benign HTML on the page, for example:...

6.4 CVSS | 5.9 AI score | 0.00397 EPSS
Exploits 0 | References 5