37 matches found
tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
Summary: A potential Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. Details: The issue was caused by the use of insufficiently constrained regular expressions applied to attacker-controlled input: if...
EUVD-2022-6233
Malicious code in bioql PyPI...
EUVD-2025-15350
Malicious code in bioql PyPI...
EUVD-2025-18664
Malicious code in bioql PyPI...
EUVD-2023-2043
Malicious code in bioql PyPI...
CVE-2025-48939
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual...
CVE-2025-48939
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...
PT-2025-27811 · Unknown · Tarteaucitron.Js
Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.22.0
Description: A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML elemen...
Cross-site Scripting (XSS)
tarteaucitron-wp is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input sanitization that allows author-level users to inject arbitrary HTML into posts or pages...
CVE-2022-33155
The ameostarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS...
CVE-2024-11718
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
GHSA-FXPC-QMRH-7J2H tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-11719
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-11719 tarteaucitron.js for WordPress < 0.3.0 - Stored XSS via CSRF
The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-11718
The CVE concerns tarteaucitron-wp WordPress plugin prior to version 0.3.0. Affected scenario: author level and above users can insert HTML into a post/page, enabling Stored XSS for users with contributor role or higher. Impact stated as Stored XSS (content/script injection) with potential to affe...
PT-2025-21423 · WordPress · Tarteaucitron-Wp
Name of the Vulnerable Software and Affected Versions: tarteaucitron-wp WordPress plugin versions prior to 0.3.0
Description: The issue allows author level and above users to add HTML into a post/page, which could enable users with the contributor role and above to perform Stored Cross-Site...