logo

Database

Server side cross-site scripting In drupal/civicccookiecontrol

Description

CivicCookieControl is a module that can help make a website compliant with EU and UK cookie legislation.

The Civic GovUK Cookie Control module does not sufficiently sanitize the configuration resulting in a Cross-Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that the attacker must have a role with the "Administer Civic Cookie Control" permission.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. OSV-DRUPAL-CONTRIB-2023-0212. GCVE-DRUPAL-CONTRIB-2023-0213. drupal.org

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.