CVE-2026-6218

aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting

CVSS 5.3 MEDIUMEPSS 0.3%CWE-79 CWE-94

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Produtos afetados

aandrew-me · ytDownloader

PoCs públicas encontradas — 1

cve_referencegithub.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4 https://vuldb.com/submit/785842 https://vuldb.com/vuln/357139 https://vuldb.com/vuln/357139/cti