5 matches found
EUVD-2025-10042
Malicious code in bioql PyPI...
GHSA-4HWX-XCC5-2HFC tarteaucitron.js allows prototype pollution via custom text injection
A vulnerability was identified in tarteaucitron.js, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potenti...
tarteaucitron.js allows prototype pollution via custom text injection
A vulnerability was identified in tarteaucitron.js, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potenti...
CVE-2025-31475 tarteaucitron.js allows prototype pollution via custom text injection
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code ...
CVE-2025-31475
CVE-2025-31475 affects tarteaucitron.js (prior to 1.20.1). The addOrUpdate function did not properly validate inputs, allowing an attacker with access to source or CMS plugins to perform prototype pollution, potentially modifying core JavaScript behavior, causing data corruption, crashes, or unin...