16 matches found
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
SUSE CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
EUVD-2025-209373
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
org.webjars.npm:rrweb (=1.0.7), org.webjars.npm:rrweb-player (=0.7.9) potentially affected by CVE-2025-45806 via org.webjars.npm:rrweb-snapshot (=1.1.10)
org.webjars.npm:rrweb-snapshot MAVEN version =1.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:rrweb-snapshot and may be impacted: - org.webjars.npm:rrweb =1.0.7 - org.webjars.npm:rrweb-player =0.7.9 Source cves: CVE-2025-45806...
Cross-site Scripting (XSS)
Overview rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting a speciall...
Cross-site Scripting (XSS)
Overview org.webjars.npm:rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
PT-2026-31610
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2025-45806
CVE-2025-45806 describes a cross-site scripting (XSS) vulnerability in the rrweb-snapshot package prior to 2.0.0-alpha.18 . An attacker can inject a crafted payload to execute arbitrary scripts in affected environments. Affected component: rrweb-snapshot (DOM serialization). Underlying issue cite...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198679
Malicious code in @posthog/rrweb-snapshot npm...
Malicious code in @posthog/rrweb-snapshot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e09f740a4b99a55a685452aa412d77942e67c0de95136282343012196ed7bf41 The package @posthog/rrweb-snapshot was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190674 Malicious code in @posthog/rrweb-snapshot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e09f740a4b99a55a685452aa412d77942e67c0de95136282343012196ed7bf41 The package @posthog/rrweb-snapshot was found to contain malicious code. Source: ghsa-malware...