CVE-2026-6218

Summary

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.

Affected Software

VendorProductVersion RangeStatus
aandrew-meytDownloader3.20.0affected
aandrew-meytDownloader3.20.1affected
aandrew-meytDownloader3.20.2affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References