tarteaucitronjs@1.3.1 vulnerabilities

tarteaucitron.io - Get a compliant and accessible cookie banner

  • latest version

    1.21.0

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    6 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the tarteaucitronjs package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Prototype Pollution

    tarteaucitronjs is a package that provides compliance to the European cookie law.

    Affected versions of this package are vulnerable to Prototype Pollution via the addOrUpdate() function. An attacker who can alter a site's source code can corrupt data and possibly execute scripts.

    How to fix Prototype Pollution?

    Upgrade tarteaucitronjs to version 1.20.1 or higher.

    <1.20.1
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in getElemAttr, which accepts unfiltered attribute values. A user with high privileges who can alter the source code of an application can execute scripts by entering a URL containing an insecure scheme such as javascript:alert() and convincing another user to follow a link to the URL.

    How to fix Cross-site Scripting (XSS)?

    Upgrade tarteaucitronjs to version 1.20.1 or higher.

    <1.20.1
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight() functions. This is related to SNYK-JS-TARTEAUCITRONJS-8366541.

    How to fix Cross-site Scripting (XSS)?

    Upgrade tarteaucitronjs to version 1.17.0 or higher.

    <1.17.0
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of the services' attribute values.

    How to fix Cross-site Scripting (XSS)?

    Upgrade tarteaucitronjs to version 1.16.0 or higher.

    <1.16.0
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the width, theme, controls, img and other attributes.

    How to fix Cross-site Scripting (XSS)?

    Upgrade tarteaucitronjs to version 1.14.0 or higher.

    <1.14.0