Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight(). This is related to [SNYK-JS-TARTEAUCITRONJS-8366541](https://security.snyk.io/vuln/SNYK-JS-TARTEAUCITRONJS-8366541)
CVE ID: CVE-2025-1467
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.1
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P
Vendor: n/a
Product: tarteaucitronjs
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 8.88% (scored less or equal to compared to others)
EPSS Date: 2025-03-24 (when was this score calculated)