Medium severity6.1NVD Advisory· Published Feb 23, 2025· Updated Apr 29, 2026
CVE-2025-1467
CVE-2025-1467
Description
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight(). This is related to SNYK-JS-TARTEAUCITRONJS-8366541
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tarteaucitronjsnpm | < 1.17.0 | 1.17.0 |
Affected products
1Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-8wp9-x25p-8794ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-1467ghsaADVISORY
- gist.github.com/Rudloff/d48f525215bd5426cbb076116c4422ddnvdWEB
- github.com/AmauriC/tarteaucitron.js/commit/12490579001d5caa187adcaecb01da570a12076bnvdWEB
- github.com/AmauriC/tarteaucitron.js/issues/1184nvdWEB
- security.snyk.io/vuln/SNYK-JS-TARTEAUCITRONJS-8731160nvdWEB
News mentions
0No linked articles in our index yet.