CVE-2026-6218

aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting

CVSS 5.3 MEDIUMEPSS 0.3%CWE-79 CWE-94

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Productos afectados

aandrew-me · ytDownloader

PoCs públicas encontradas — 1

cve_referencegithub.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4 https://vuldb.com/submit/785842 https://vuldb.com/vuln/357139 https://vuldb.com/vuln/357139/cti