-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe commit diff shows the vulnerability was in the 'getElemAttr' function which directly returned element attributes without sanitization. The patch added XSS filtering through a new 'fixSelfXSS' method, confirming this was the injection point. The function's purpose of retrieving DOM attributes makes it a clear vector for XSS when handling untrusted input.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| tarteaucitronjs | npm | < 1.13.1 | 1.13.1 |
JavaScriptJavaScriptKEV Misses 88% of Exploited CVEs- Get the report