Nixpkgs security tracker

Untriaged

Permalink CVE-2026-6218

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 22 hours ago

aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.

References

VDB-357139 | aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting vdb-entrytechnical-description
VDB-357139 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #785842 | Aandrew-me ytDownloader 3.20.2 Remote code execution via DOM XSS third-party-advisory
https://github.com/ngocnn97/security-advisories/blob/main/YtDownloader_XSS_To_R… exploit

Affected products

ytDownloader

==3.20.1
==3.20.0
==3.20.2

Matching in nixpkgs

pkgs.ytdownloader

Modern GUI video and audio downloader

nixos-unstable 3.19.3
- nixpkgs-unstable 3.19.3
- nixos-unstable-small 3.19.3
nixos-25.11 3.19.3
- nixos-25.11-small 3.19.3
- nixpkgs-25.11-darwin 3.19.3

Package maintainers

@chewblacka John Garcia

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.ytdownloader

Package maintainers