Lucene search
K

37 matches found

Github Security Blog
Github Security Blog
added 2026/01/13 8:35 p.m.10 views

tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability

Summary A potential Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. Details The issue was caused by the use of insufficiently constrained regular expressions applied to attacker-controlled input: if...

4.4CVSS7AI score0.00107EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-15350

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00254EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6233

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00467EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2043

Malicious code in bioql PyPI...

5.4CVSS5.2AI score0.00469EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18664

Malicious code in bioql PyPI...

4.7CVSS6.5AI score0.0032EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/07/05 5:19 p.m.9 views

CVE-2025-48939

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual...

4.2CVSS6.3AI score0.00176EPSS
Exploits1References1
NVD
NVD
added 2025/07/03 5:15 p.m.8 views

CVE-2025-48939

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...

4.2CVSS0.00176EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.4 views

PT-2025-27811 · Unknown · Tarteaucitron.Js

Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.22.0 Description: A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML elemen...

4.2CVSS6AI score0.00176EPSS
Exploits1References7
Veracode
Veracode
added 2025/05/23 9:59 a.m.7 views

Cross-site Scripting (XSS)

tarteaucitron-wp is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization that allowing author-level users to inject arbitrary HTML into posts or pages...

5.4CVSS6.3AI score0.00254EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 1:7 a.m.6 views

CVE-2022-33155

The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...

5.4CVSS6.9AI score0.00467EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:2 p.m.7 views

CVE-2024-11718

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 9:31 p.m.4 views

GHSA-FXPC-QMRH-7J2H tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.8CVSS6AI score0.00254EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/05/15 9:31 p.m.14 views

tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6AI score0.00254EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2025/05/15 8:15 p.m.5 views

CVE-2024-11718

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS0.00254EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.2 views

CVE-2024-11719

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-11718

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00254EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.6 views

CVE-2024-11719

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS0.00149EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:6 p.m.10 views

CVE-2024-11719 tarteaucitron.js for WordPress < 0.3.0 - Stored XSS via CSRF

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00149EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.28 views

CVE-2024-11718

The CVE concerns tarteaucitron-wp WordPress plugin prior to version 0.3.0. Affected scenario: author level and above users can insert HTML into a post/page, enabling Stored XSS for users with contributor role or higher. Impact stated as Stored XSS (content/script injection) with potential to affe...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

WordPress plugin tarteaucitron-wp 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.1CVSS6AI score0.00149EPSS
Exploits1References1
Rows per page
Query Builder