Lucene search
K

4 matches found

OSV
OSV
added 2025/04/07 4:46 p.m.6 views

GHSA-P5G4-V748-6FH8 tarteaucitron.js allows url scheme injection via unfiltered inputs

A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...

4.8CVSS7.3AI score0.00307EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/07 4:46 p.m.13 views

tarteaucitron.js allows url scheme injection via unfiltered inputs

A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...

4.8CVSS7.3AI score0.00307EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/07 2:52 p.m.9 views

CVE-2025-31476 tarteaucitron.js allows url scheme injection via unfiltered inputs

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...

4.8CVSS7AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2025/04/07 2:52 p.m.71 views

CVE-2025-31476

Summary: CVE-2025-31476 affects tarteaucitron.js. A vulnerability caused by insufficient URL validation allowed a user with high privileges to insert URLs with insecure schemes (e.g., javascript:alert()) that could lead to arbitrary JavaScript execution when a link is clicked. The issue enables e...

4.8CVSS7AI score0.00307EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder