Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-19885

Malicious code in bioql PyPI...

4.2CVSS6.3AI score0.00176EPSS
Exploits1References3
OSV
OSV
added 2025/07/03 4:59 p.m.4 views

GHSA-Q43X-79JR-CQ98 tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript

A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element such as: it could clobber the document.currentScript property. This causes the script to resolve incorrectly...

4.2CVSS5.9AI score0.00176EPSS
Exploits1References4
CVE
CVE
added 2025/07/03 4:26 p.m.23 views

CVE-2025-48939

CVE-2025-48939 concerns tarteaucitron.js where, before version 1.22.0, code accessed document.currentScript without validating it was a real [removed] element. An attacker injecting HTML could cause DOM clobbering, potentially changing the script path (e.g., CDN domain). The issue stems from some...

4.2CVSS6.3AI score0.00176EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/10 4:0 a.m.12 views

CVE-2025-31475

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code ...

5.5CVSS7.4AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2025/04/07 4:46 p.m.6 views

GHSA-P5G4-V748-6FH8 tarteaucitron.js allows url scheme injection via unfiltered inputs

A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...

4.8CVSS7.3AI score0.0033EPSS
Exploits0References4
OSV
OSV
added 2025/04/07 4:38 p.m.6 views

GHSA-4HWX-XCC5-2HFC tarteaucitron.js allows prototype pollution via custom text injection

A vulnerability was identified in tarteaucitron.js, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potenti...

5.5CVSS7.5AI score0.00322EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/07 4:38 p.m.11 views

tarteaucitron.js allows prototype pollution via custom text injection

A vulnerability was identified in tarteaucitron.js, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potenti...

6.6CVSS7.5AI score0.00322EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/07 4:38 p.m.12 views

tarteaucitron.js allows UI manipulation via unrestricted CSS injection

A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...

6.6CVSS7.2AI score0.0025EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.4 views

PT-2025-15240 · Unknown · Tarteaucitron.Js

Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.20.1 Description: A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges to enter a URL containing an insecure scheme, such as javascript:alert. Insufficient URL validatio...

4.8CVSS6.2AI score0.0033EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.5 views

PT-2025-15236 · Unknown · Tarteaucitron.Js

Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.20.1 Description: A vulnerability was identified in the addOrUpdate function of tarteaucitron.js, which did not properly validate input. This allowed an attacker with direct access to the site's source cod...

5.5CVSS6.9AI score0.00322EPSS
Exploits0References9
Rows per page
Query Builder