Description
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.6.16
References
Related Issues
- jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin - CVE-2025-9910
- @tiptap/extension-link vulnerable to Cross-site Scripting (XSS) - CVE-2025-14284
- CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package - CVE-2025-58064
- tarteaucitron Cross-site Scripting (XSS) - CVE-2025-1467
- Tags:
- npm
- ContentTools
Anything's wrong? Let us know Last updated on March 24, 2025