aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.

Basic Information

ID CVE-2026-6218

Source VulDB

Published Apr 13, 2026 at 20:30

Affected Product

Vendor aandrew-me

Product ytDownloader

Version 3.20.0

Affected Versions aandrew-me ytDownloader 3.20.0
aandrew-me ytDownloader 3.20.1
aandrew-me ytDownloader 3.20.2

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.",
    "published": "2026-04-13T20:30:14.394Z",
    "modified": "2026-04-13T20:30:14.394Z",
    "type": "cve",
    "title": "aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/357139\nhttps://vuldb.com/vuln/357139/cti\nhttps://vuldb.com/submit/785842\nhttps://github.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_RCE_PoC.mp4",
    "id": "CVE-2026-6218",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "aandrew-me ytDownloader 3.20.0\naandrew-me ytDownloader 3.20.1\naandrew-me ytDownloader 3.20.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ytDownloader",
    "version": "3.20.0",
    "vendor": "aandrew-me",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting_CVE-2026-6218