What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.4.
Explanation of Vulnerability in Simple Terms
02Summary
tagDiv Opt-In Builder versions 1.7.4 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in visitors' browsers when they interact with the opt-in form. The vulnerability requires user interaction and can affect multiple users across the site. Update to a version newer than 1.7.4 to remediate.
What an attacker can do
03Attacker Capabilities
Inject malicious scripts that run in visitors' browsers when they interact with the opt-in form.
Potential impact on your site
04Site Impact
Visitors' browsers can be compromised; attackers may steal credentials, session tokens, or redirect users to malicious sites.
Conditions required to exploit
05Prerequisites
No authentication required. Visitor must interact with the affected opt-in form (click, submit, or view).
Key dates
06Disclosure timeline
July 13, 2026
CVE published
July 13, 2026
Record updated