Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/07/05 5:19 p.m.9 views

CVE-2025-48939

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual...

4.2CVSS6.3AI score0.00176EPSS
Exploits1References1
NVD
NVD
added 2025/07/03 5:15 p.m.8 views

CVE-2025-48939

tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...

4.2CVSS0.00176EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/03 12:0 a.m.4 views

PT-2025-27811 · Unknown · Tarteaucitron.Js

Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.22.0 Description: A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML elemen...

4.2CVSS6AI score0.00176EPSS
Exploits1References7
Veracode
Veracode
added 2025/04/16 6:15 a.m.6 views

Arbitrary Code Execution (ACE)

Tarteaucitron.js is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insufficient URL validation, allowing a user with high privileges to input a URL with an insecure scheme, such as javascript:alert, which could lead to arbitrary JavaScript execution when clicked...

4.8CVSS7.1AI score0.0033EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/10 3:59 a.m.11 views

CVE-2025-31138

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...

5.5CVSS6.8AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2025/04/07 4:38 p.m.4 views

GHSA-7524-3396-FQV3 tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

5.5CVSS7.2AI score0.0025EPSS
Exploits0References4
CVE
CVE
added 2025/04/07 2:44 p.m.62 views

CVE-2025-31138

CVE-2025-31138 affects tarteaucitron.js before 1.20.1, where unvalidated user-controlled inputs for element dimensions (width/height) could be used to cover the viewport and enable clickjacking. The vulnerability arises from improper validation of CSS values, potentially allowing overlays of mali...

6.6CVSS6.9AI score0.0025EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder