Description
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.6.16
References
Related Issues
- jQuery vulnerable to Cross-Site Scripting (XSS) - CVE-2011-4969
- min-document vulnerable to prototype pollution - CVE-2025-57352
- Remote code execution via the `pretty` option. - CVE-2021-21353
- Vite bypasses server.fs.deny when using ?raw?? - CVE-2025-30208
- Tags:
- npm
- ContentTools
Anything's wrong? Let us know Last updated on March 24, 2025