Description
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. The issue affects unknown functionality of the Image Handler component. Manipulation of the argument `onload` leads to cross-site scripting (XSS). The attack may be launched remotely.
Recommendation
No fix is available yet. The following versions are affected:
- <= 1.6.16
Related Issues
- @tiptap/extension-link vulnerable to Cross-site Scripting (XSS) - CVE-2025-14284
- Parse Server has a Cross-Site Scripting (XSS) vulnerability via Unescaped Mustache Template Variables - CVE-2025-68115
- DOMPurify allows Cross-site Scripting (XSS) - CVE-2025-26791
- QMarkdown Cross-Site Scripting (XSS) vulnerability - CVE-2025-43954
Tags: npm, ContentTools
Last updated on March 24, 2025