Tarteaucitron, Cross-site Scripting (XSS) CVE (Low Severity)

2025-02-24

Summary:

The article discusses a low-severity Cross-site Scripting (XSS) vulnerability in the tarteaucitronjs package, specifically affecting versions before 1.17.0. The vulnerability is related to the getElemWidth() and getElemHeight() functions. The issue was published to the National Vulnerability Database and GitHub Advisory Database on February 23, 2025, and was last updated and reviewed on February 24, 2025. The vulnerability is identified as SNYK-JS-TARTEAUCITRONJS-8366541.

Form:

Platform: tarteaucitronjs
Version: <1.17.0
Vulnerability: XSS
Severity: Low
Date: Feb 23, 2025

What Undercode Says:

1. The vulnerability affects the `tarteaucitronjs` package.
2. Versions before 1.17.0 are impacted.
3. The issue is a Cross-site Scripting (XSS) vulnerability.
4. The severity is classified as low.
5. The vulnerability was published on February 23, 2025.
6. It was updated and reviewed on February 24, 2025.
7. The vulnerability is tracked as SNYK-JS-TARTEAUCITRONJS-8366541.
8. The functions getElemWidth() and getElemHeight() are the root cause.
9. The issue was reported to the National Vulnerability Database.
10. It was also published on the GitHub Advisory Database.
11. The vulnerability is considered low-risk.
12. Users of tarteaucitronjs should update to version 1.17.0 or later.
13. The vulnerability was reviewed 2 hours before the last update.
14. The advisory was published yesterday.
15. The issue is related to improper input validation.
16. XSS vulnerabilities can allow attackers to inject malicious scripts.
17. The vulnerability is not classified as critical.
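As an added example (not code from the advisory or from the tarteaucitronjs project), the script below checks an npm lockfile for installs of tarteaucitronjs older than the fixed version 1.17.0, including copies nested under other dependencies. The sample lockfile is constructed; the only assumptions are npm's lockfile layouts (a v1 `dependencies` tree, or a v2/v3 `packages` map keyed by node_modules path).

```javascript
// Added example (not from the advisory or the tarteaucitronjs project): list
// every tarteaucitronjs install in an npm lockfile below 1.17.0, the first
// release with the fix. Handles lockfile v2/v3 ("packages") and v1 ("dependencies").
const PACKAGE = "tarteaucitronjs";
const FIXED_VERSION = "1.17.0";
// Numeric comparison of dotted versions; a prerelease suffix ("1.17.0-beta.1")
// sorts below the plain release, so prereleases of 1.17.0 are still flagged.
function compareVersions(a, b) {
  const [baseA, preA] = a.split("-", 2), [baseB, preB] = b.split("-", 2);
  const pa = baseA.split(".").map(Number), pb = baseB.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return preA && !preB ? -1 : !preA && preB ? 1 : 0;
}
// Lockfile v1: "dependencies" is a nested tree keyed by package name.
function walkV1(deps, prefix, out) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === PACKAGE && meta.version) out.push({ path, version: meta.version });
    walkV1(meta.dependencies, `${path}/`, out);
  }
}
// Return [{path, version}] for each install of PACKAGE older than FIXED_VERSION.
function findVulnerable(lock) {
  const installs = [];
  if (lock.packages) { // lockfile v2/v3: flat map keyed by node_modules path
    for (const [path, meta] of Object.entries(lock.packages)) {
      const isTarget = path === `node_modules/${PACKAGE}` || path.endsWith(`/node_modules/${PACKAGE}`);
      if (isTarget && meta.version) installs.push({ path, version: meta.version });
    }
  } else {
    walkV1(lock.dependencies, "", installs);
  }
  return installs.filter((i) => compareVersions(i.version, FIXED_VERSION) < 0);
}
// Constructed sample (v3 layout): top-level copy is vulnerable, nested copy is fixed.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/tarteaucitronjs": { version: "1.16.0" },
    "node_modules/some-widget": { version: "2.0.0" },
    "node_modules/some-widget/node_modules/tarteaucitronjs": { version: "1.17.0" },
  },
};
for (const hit of findVulnerable(SAMPLE_LOCK)) {
  console.log(`${hit.path}: ${hit.version} is below ${FIXED_VERSION}, update needed`);
}
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.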

References:

Reported By: https://github.com/advisories/GHSA-8wp9-x25p-8794
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help