EUVD-2025-19885
Malicious code in bioql PyPI...
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element such as: it could clobber the document.currentScript property. This causes the script to resolve incorrectly...
CVE-2025-48939 tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...
PT-2025-9272 · Stage.Js · Stage.Js
Name of the Vulnerable Software and Affected Versions: Stage.js versions 0.8.10 and earlier. Description: The issue allows DOM Clobbering, which can result in XSS for untrusted input that contains HTML but does not directly contain JavaScript. This is because the document.currentScript lookup can ...
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Summary: We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless...