← volver
CVE-2026-6218

aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting

CVSS 5.3 MEDIUMEPSS 0.3%CWE-79CWE-94
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 5.3EPSS 0.3%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
13 abr 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
Productos afectados
aandrew-me · ytDownloader
PoCs públicas encontradas1
cve_referencegithub.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4https://vuldb.com/submit/785842https://vuldb.com/vuln/357139https://vuldb.com/vuln/357139/cti