A vulnerability was identified in tarteaucitron.js, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed an attacker with direct access to the site's source code or a CMS plugin to manipulate JavaScript object prototypes (prototype pollution, CWE-1321), leading to potential security risks such as data corruption or unintended code execution.
An attacker with high privileges could exploit this vulnerability to:
- Modify object prototypes, affecting core JavaScript behavior
- Cause application crashes or unexpected behavior
- Potentially introduce further security vulnerabilities depending on the application's architecture
The issue was resolved by ensuring that user-controlled inputs cannot modify JavaScript object prototypes.
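To make the mechanism concrete, the following is an added example written for this advisory; it is not tarteaucitron.js source and the function names (addOrUpdateUnsafe, addOrUpdateSafe, runDemo) and the custom-text payload are hypothetical. It shows a recursive "apply custom texts" merge in the shape the advisory describes, first in a form that follows a `__proto__` key into Object.prototype, then hardened by skipping prototype-chain keys and iterating only own properties.

```javascript
// Added illustrative example, not tarteaucitron.js code. Function names,
// the target "texts" object and the payload below are all hypothetical.

// Vulnerable merge: walks every key of the caller-supplied object and
// assigns it onto the target. When a key is "__proto__", target[key]
// resolves to Object.prototype, so the recursion writes into the global
// prototype chain instead of the texts table.
function addOrUpdateUnsafe(target, custom) {
  for (const key in custom) {
    const value = custom[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      addOrUpdateUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that must never be used as property names of a merge target:
// all three let a caller reach a shared prototype rather than the object.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened merge: only own enumerable keys of the input are visited,
// forbidden keys are dropped, and nested objects are merged into a
// child that is guaranteed to be an own property of the target.
function addOrUpdateSafe(target, custom) {
  for (const key of Object.keys(custom)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = custom[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key)
        ? target[key]
        : undefined;
      const child = existing !== null && typeof existing === 'object' ? existing : {};
      target[key] = addOrUpdateSafe(child, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed payload: a legitimate custom text plus a "__proto__" key.
// JSON.parse creates "__proto__" as an own data property, which is what a
// CMS plugin or config file handing JSON to the merge would produce.
const PAYLOAD = '{"__proto__": {"polluted": "yes"}, "alertBig": "Custom banner text"}';

// Runs both merges against a fresh texts table and reports whether an
// unrelated object picked up the injected property. Cleans up after the
// unsafe run so the safe run is observed on a clean prototype.
function runDemo() {
  const unsafeTexts = addOrUpdateUnsafe({ alertBig: 'Default banner text' }, JSON.parse(PAYLOAD));
  const unsafePolluted = ({}).polluted;          // 'yes': Object.prototype was written
  delete Object.prototype.polluted;              // undo the pollution for the next step

  const safeTexts = addOrUpdateSafe({ alertBig: 'Default banner text' }, JSON.parse(PAYLOAD));
  const safePolluted = ({}).polluted;            // undefined: prototype untouched

  return {
    unsafePolluted,
    unsafeAlertBig: unsafeTexts.alertBig,
    safePolluted,
    safeAlertBig: safeTexts.alertBig,
    safeHasOwnProto: Object.prototype.hasOwnProperty.call(safeTexts, '__proto__'),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runDemo());
}
```

The vulnerable and hardened versions apply the same custom text (alertBig) identically; the only behavioural difference is that the hardened one refuses to follow `__proto__`, `constructor` and `prototype`. Using `Object.keys` rather than `for...in` also stops the merge from walking inherited keys of the input, and allocating the texts table with `Object.create(null)` is a further option when the table is never expected to need Object.prototype methods.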
{
  "nvd_published_at": "2025-04-07T15:15:44Z",
  "cwe_ids": [ "CWE-1321" ],
  "severity": "MODERATE",
  "github_reviewed": true,
  "github_reviewed_at": "2025-04-07T16:38:52Z"
}