
Prudloff

#21217 of 53,633
11.7 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2025-15240
4.8
2025-04-07
Unknown · Tarteaucitron.Js · CVE-2025-31476
**Name of the Vulnerable Software and Affected Versions**
tarteaucitron.js versions prior to 1.20.1

**Description**
A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges to enter a URL containing an insecure scheme, such as `javascript:alert()`. Insufficient URL validation could allow arbitrary JavaScript execution if a user clicked on a malicious link. An attacker with high privileges could insert a link exploiting an insecure URL scheme, leading to execution of arbitrary JavaScript code, theft of sensitive data through phishing attacks, or modification of the user interface behavior.

**Recommendations**
For versions prior to 1.20.1, update to version 1.20.1 to fix the vulnerability. As a temporary workaround, consider restricting access to the URL validation function to minimize the risk of exploitation. Avoid using insecure URL schemes in links until the issue is resolved.
PT-2025-13816
6.9
2025-03-31
Gifplayer · Gifplayer · CVE-2025-31128
**Name of the Vulnerable Software and Affected Versions**
gifplayer versions prior to 0.3.7

**Description**
The issue is a cross-site scripting (XSS) vulnerability. All versions under 0.3.7 are impacted.

**Recommendations**
For versions prior to 0.3.7, please upgrade to 0.3.7 to resolve the issue.