Amauric/tarteaucitron.js
by Amauric
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48939 | 0.00 | — | 0.00 | Jul 3, 2025 | tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML… | |||
| CVE-2025-31476 | 0.00 | — | 0.00 | Apr 7, 2025 | tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert().… | |||
| CVE-2025-31475 | 0.00 | — | 0.00 | Apr 7, 2025 | tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the… | |||
| CVE-2025-31138 | 0.00 | — | 0.00 | Apr 7, 2025 | tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions (width and height) were not properly validated. This allowed an attacker with direct access to… | |||
| CVE-2023-3620 | 0.00 | — | 0.00 | Jul 11, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1. |
- CVE-2025-48939Jul 3, 2025risk 0.00cvss —epss 0.00
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML…
- CVE-2025-31476Apr 7, 2025risk 0.00cvss —epss 0.00
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges (access to the site's source code or a CMS plugin) to enter a URL containing an insecure scheme such as javascript:alert().…
- CVE-2025-31475Apr 7, 2025risk 0.00cvss —epss 0.00
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the…
- CVE-2025-31138Apr 7, 2025risk 0.00cvss —epss 0.00
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions (width and height) were not properly validated. This allowed an attacker with direct access to…
- CVE-2023-3620Jul 11, 2023risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.