DRUPAL-CONTRIB-2025-027

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tacjs/DRUPAL-CONTRIB-2025-027.json
JSON Data
https://api.test.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-027
Aliases
Published
2025-04-02T17:01:45Z
Modified
2025-12-09T03:15:07.060127Z
Summary
[none]
Details

This module enables sites to comply with the European cookie law using tarteaucitron.js.

The module doesn't sufficiently filter user-supplied markup inside content, leading to a persistent Cross-Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker needs to be able to insert specific data attributes in the page.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/tacjs

Package

Name
drupal/tacjs
Purl
pkg:composer/drupal/tacjs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.7.0
Database specific
{
    "constraint": "<6.7.0"
}

Database specific

affected_versions
"<6.7.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/tacjs/DRUPAL-CONTRIB-2025-027.json"