logo

Database

Server side cross-site scripting In drupal/tacjs

Description

This module enables sites to comply with the European cookie law using tarteaucitron.js.

The module doesn't sufficiently filter user-supplied markup inside of content leading to a persistent Cross Site Scripting (XSS) vulnerability. More details are available in CVE-2023-3620.

This vulnerability is mitigated by the fact that an attacker needs to be able to write content in the page, a feature commonly available on Drupal sites.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-132522. NVD-2024-132523. OSV-DRUPAL-CONTRIB-2024-0164. OSV-2024-132525. GCVE-2024-132526. drupal.org

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.