14 matches found
Regular Expression Denial of Service (ReDoS)
Overview: tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the issuuid parameter handling. An attacker can cause excessive CPU consumption and degrade service...
CVE-2026-22809 tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. This vulnerability is fixed in 1.29.0...
CVE-2025-1467
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...
EUVD-2025-4304
Malicious code in bioql PyPI...
Clickjacking
tarteaucitronjs is vulnerable to clickjacking. The vulnerability is due to improper validation of user-controlled CSS inputs for element dimensions, allowing attackers to overlay the viewport with malicious elements...
GHSA-8WP9-X25P-8794 tarteaucitron Cross-site Scripting (XSS)
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...
CVE-2025-1467
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...
CVE-2025-1467
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...
CVE-2025-1467
The CVE-2025-1467 entry concerns tarteaucitronjs versions before 1.17.0, which are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight() functions. Multiple sources (NVD, Red Hat, Veracode, OSV, CIRCL, GHSA) consistently describe the flaw as an XSS issue rooted in in...
CVE-2025-1467
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...
CVE-2025-1467
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541...
Cross-site Scripting (XSS)
Overview: tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getElemWidth and getElemHeight. This is related to SNYK-JS-TARTEAUCITRONJS-8366541. Details: Cross-site scripting or XSS is...
Cross-site Scripting (XSS)
Overview: tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of the services attributes value. Details: Cross-site scripting or XSS is a code vulnerability that...
Cross-site Scripting (XSS)
tarteaucitronjs is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of user-input sanitization in width, theme, controls, img, and other parameters, which allows an attacker to inject and execute arbitrary JavaScript into the browser...