SUSE CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

EUVD-2025-209373

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

org.webjars.npm:rrweb (=1.0.7), org.webjars.npm:rrweb-player (=0.7.9) potentially affected by CVE-2025-45806 via org.webjars.npm:rrweb-snapshot (=1.1.10)

org.webjars.npm:rrweb-snapshot MAVEN version =1.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:rrweb-snapshot and may be impacted: - org.webjars.npm:rrweb =1.0.7 - org.webjars.npm:rrweb-player =0.7.9 Source cves: CVE-2025-45806...

Cross-site Scripting (XSS)

Overview rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting a speciall...

Cross-site Scripting (XSS)

Overview org.webjars.npm:rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...

@100mslive/roomkit-react (>=0.1.0 <=0.1.4-alpha.1), @18ways/mdx-translate (>=0.1.0-alpha.9d8992d35859 <=0.1.0-alpha.1011313d2aaf) +928 more potentially affected by CVE-2025-45806 via rrweb-snapshot (>=0.6.11 <=2.0.0-alpha.5)

rrweb-snapshot NPM version =0.6.11, =0.1.0, =0.1.0-alpha.9d8992d35859, =1.0.1, =1.1.0, =2.32.12, =0.0.220, =0.0.215, =0.0.237, =1.2.0, =0.1.0, =0.0.1, =1.4.0, =1.3.0, =1.0.1, =2.0.0-alpha.11, =2.0.0-alpha.15 and more Source cves: CVE-2025-45806 Source advisory: SNYK:JS-RRWEBSNAPSHOT-16427169...

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2025-45806

CVE-2025-45806 is an XSS vulnerability in rrweb-snapshot prior to v2.0.0-alpha.18. The issue allows attacker-supplied payloads to execute arbitrary scripts/HTML in affected contexts. The vulnerability affects rrweb-snapshot, with the likely impact being client-side script execution when processin...

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

PT-2026-31610

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...