GetmeUK ContentTools Cross-Site Scripting (XSS)

Description

A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.6.16

References

• GHSA-4f2v-2gpq-qhjg
• vuldb.com
• CVE-2025-2699
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin - CVE-2025-9910
• tarteaucitron Cross-site Scripting (XSS) - CVE-2025-1467
• Nuxt DevTools vulnerable to cross-site scripting (XSS) - CVE-2025-52662
• Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS) - CVE-2025-27109

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How do hackers hack websites?

CSRF, XXE, and 12 Other Security Acronyms Explained

Tags:

npm

ContentTools