7 matches found
CVE-2025-48939
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual...
CVE-2025-48939
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...
PT-2025-27811 · Unknown · Tarteaucitron.Js
Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.22.0 Description: A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML elemen...
Arbitrary Code Execution (ACE)
Tarteaucitron.js is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insufficient URL validation, allowing a user with high privileges to input a URL with an insecure scheme, such as javascript:alert, which could lead to arbitrary JavaScript execution when clicked...
CVE-2025-31138
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...
GHSA-7524-3396-FQV3 tarteaucitron.js allows UI manipulation via unrestricted CSS injection
A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...
CVE-2025-31138
CVE-2025-31138 affects tarteaucitron.js before 1.20.1, where unvalidated user-controlled inputs for element dimensions (width/height) could be used to cover the viewport and enable clickjacking. The vulnerability arises from improper validation of CSS values, potentially allowing overlays of mali...