Project: 
baguetteBox.js
Date: 
2025-April-16
Security risk: 
Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: 
Cross Site Scripting
Affected versions: 
<2.0.4 || >=3.0.0 <3.0.1
CVE IDs: 
CVE-2025-3733
Description: 

The baguetteBox.js module provides integration with baguetteBox.js library.

The module doesn't sufficiently sanitize user-supplied text values leading to a cross site scripting vulnerability.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: