Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS5.6AI score0.00239EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/11 9:30 a.m.6 views

SUSE CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS6AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/09 3:35 p.m.8 views

EUVD-2025-209373

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS6AI score0.00239EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/04/09 3:13 p.m.9 views

org.webjars.npm:rrweb (=1.0.7), org.webjars.npm:rrweb-player (=0.7.9) potentially affected by CVE-2025-45806 via org.webjars.npm:rrweb-snapshot (=1.1.10)

org.webjars.npm:rrweb-snapshot MAVEN version =1.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:rrweb-snapshot and may be impacted: - org.webjars.npm:rrweb =1.0.7 - org.webjars.npm:rrweb-player =0.7.9 Source cves: CVE-2025-45806...

6.1CVSS5.8AI score0.00239EPSS
Exploits0
Snyk
Snyk
added 2026/04/09 3:13 p.m.11 views

Cross-site Scripting (XSS)

Overview rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting a speciall...

6.1CVSS5.8AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 3:13 p.m.7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:rrweb-snapshot is a rrweb's component to take a snapshot of DOM, aka DOM serializer Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rrweb-snapshot process. An attacker can execute arbitrary web scripts or inject malicious HTML by...

6.1CVSS5.9AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 2:16 p.m.2 views

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:0 a.m.2 views

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6AI score0.00239EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 12:0 a.m.21 views

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31610

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6AI score0.00239EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 12:0 a.m.3 views

CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6AI score0.00239EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 12:0 a.m.15 views

CVE-2025-45806

CVE-2025-45806 describes a cross-site scripting (XSS) vulnerability in the rrweb-snapshot package prior to 2.0.0-alpha.18 . An attacker can inject a crafted payload to execute arbitrary scripts in affected environments. Affected component: rrweb-snapshot (DOM serialization). Underlying issue cite...

6.1CVSS6AI score0.00239EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
EUVD
EUVD
added 2025/11/24 12:56 p.m.3 views

EUVD-2025-198679

Malicious code in @posthog/rrweb-snapshot npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 12:56 p.m.8 views

Malicious code in @posthog/rrweb-snapshot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e09f740a4b99a55a685452aa412d77942e67c0de95136282343012196ed7bf41 The package @posthog/rrweb-snapshot was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 12:56 p.m.3 views

MAL-2025-190674 Malicious code in @posthog/rrweb-snapshot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e09f740a4b99a55a685452aa412d77942e67c0de95136282343012196ed7bf41 The package @posthog/rrweb-snapshot was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
Rows per page
Query Builder