Description
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.6.16
References
Related Issues
- min-document vulnerable to prototype pollution - CVE-2025-57352
- Vite bypasses server.fs.deny when using ?raw?? - CVE-2025-30208
- node-gettext vulnerable to Prototype Pollution - CVE-2024-21528
- Axios Cross-Site Request Forgery Vulnerability - CVE-2023-45857
- Tags:
- npm
- ContentTools
Anything's wrong? Let us know Last updated on March 24, 2025