Vulnerability	Vulnerable Version
M Prototype Pollution tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Prototype Pollution via the `addOrUpdate()` function. An attacker who can alter a site's source code can corrupt data and possibly execute scripts. How to fix Prototype Pollution? Upgrade `tarteaucitronjs` to version 1.20.1 or higher.	<1.20.1
M Cross-site Scripting (XSS) tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in `getElemAttr`, which accepts unfiltered attribute values. A user with high privileges who can alter the source code of an application can execute scripts by entering a URL containing an insecure scheme such as `javascript:alert()` and convincing another user to follow a link to the URL. How to fix Cross-site Scripting (XSS)? Upgrade `tarteaucitronjs` to version 1.20.1 or higher.	<1.20.1
M Cross-site Scripting (XSS) tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `getElemWidth()` and `getElemHeight()`. This is related to SNYK-JS-TARTEAUCITRONJS-8366541 How to fix Cross-site Scripting (XSS)? Upgrade `tarteaucitronjs` to version 1.17.0 or higher.	<1.17.0
M Cross-site Scripting (XSS) tarteaucitronjs is a package that provides compliance to the European cookie law. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of the services attributes value. How to fix Cross-site Scripting (XSS)? Upgrade `tarteaucitronjs` to version 1.16.0 or higher.	<1.16.0

Go back to all versions of this package