10 matches found
EUVD-2025-19885
Malicious code in bioql PyPI...
GHSA-Q43X-79JR-CQ98 tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element such as: it could clobber the document.currentScript property. This causes the script to resolve incorrectly...
CVE-2025-48939
CVE-2025-48939 concerns tarteaucitron.js where, before version 1.22.0, code accessed document.currentScript without validating it was a real [removed] element. An attacker injecting HTML could cause DOM clobbering, potentially changing the script path (e.g., CDN domain). The issue stems from some...
CVE-2025-31475
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code ...
GHSA-P5G4-V748-6FH8 tarteaucitron.js allows url scheme injection via unfiltered inputs
A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...
GHSA-4HWX-XCC5-2HFC tarteaucitron.js allows prototype pollution via custom text injection
A vulnerability was identified in tarteaucitron.js, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potenti...
tarteaucitron.js allows prototype pollution via custom text injection
A vulnerability was identified in tarteaucitron.js, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes, leading to potenti...
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
A vulnerability was identified in tarteaucitron.js, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code or a CMS plugin to set values like 100%;height:100%;position:fixed;,...
PT-2025-15240 · Unknown · Tarteaucitron.Js
Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.20.1 Description: A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges to enter a URL containing an insecure scheme, such as javascript:alert. Insufficient URL validatio...
PT-2025-15236 · Unknown · Tarteaucitron.Js
Name of the Vulnerable Software and Affected Versions: tarteaucitron.js versions prior to 1.20.1 Description: A vulnerability was identified in the addOrUpdate function of tarteaucitron.js, which did not properly validate input. This allowed an attacker with direct access to the site's source cod...