42 matches found
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
SUSE CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
EUVD-2025-209373
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
org.webjars.npm:rrweb (=1.0.7), org.webjars.npm:rrweb-player (=0.7.9) potentially affected by CVE-2025-45806 via org.webjars.npm:rrweb-snapshot (=1.1.10)
org.webjars.npm:rrweb-snapshot MAVEN version =1.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:rrweb-snapshot and may be impacted: - org.webjars.npm:rrweb =1.0.7 - org.webjars.npm:rrweb-player =0.7.9 Source cves: CVE-2025-45806...
@100mslive/roomkit-react (>=0.1.0 <=0.1.4-alpha.1), @18ways/mdx-translate (>=0.1.0-alpha.1126a057d035 <=0.1.0-alpha.1011313d2aaf) +879 more potentially affected by CVE-2025-45806 via rrweb-snapshot (>=0.6.11 <=2.0.0-alpha.5)
rrweb-snapshot NPM version =0.6.11, =0.1.0, =0.1.0-alpha.1126a057d035, =1.0.1, =1.1.0, =2.32.12, =0.0.220, =0.0.215, =0.0.237, =1.2.0, =0.1.0, =0.0.1, =1.0.1, =2.0.0-alpha.11, =0.0.2, =1.0.0 - @aiolosjs/rrplayer =0.1.0 and more Source cves: CVE-2025-45806 Source advisory:...
Cross-site Scripting (XSS)
Overview rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting a speciall...
Cross-site Scripting (XSS)
Overview org.webjars.npm:rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2026-31610
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
CVE-2025-45806 is an XSS vulnerability in rrweb-snapshot prior to v2.0.0-alpha.18. The issue allows attacker-supplied payloads to execute arbitrary scripts/HTML in affected contexts. The vulnerability affects rrweb-snapshot, with the likely impact being client-side script execution when processin...
rrweb 安全漏洞
rrweb is an open-source web recording and playback tool developed by rrweb-io. Versions of rrweb prior to v2.0.0-alpha.18 contained security vulnerabilities, which were caused by insufficient input validation and could lead to cross-site scripting attacks...
Malicious code in rrweb-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2c1a8d89ba0817d9264bc9f6e59c5c1e4c683b98ce32ba7d9bcb3e61f1f016b The package rrweb-v1 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1456 Malicious code in rrweb-v1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b2c1a8d89ba0817d9264bc9f6e59c5c1e4c683b98ce32ba7d9bcb3e61f1f016b The package rrweb-v1 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @posthog/rrweb-replay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 084c272e547764a91347a8436855b707a75409f57fde2692078e9edf5d9b703b The package @posthog/rrweb-replay was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199299
Malicious code in @posthog/rrweb-replay npm...
MAL-2025-191299 Malicious code in @posthog/rrweb-replay (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 084c272e547764a91347a8436855b707a75409f57fde2692078e9edf5d9b703b The package @posthog/rrweb-replay was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198935
Malicious code in @posthog/react-rrweb-player npm...