Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.0 |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.2 |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.7 |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.x |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.1 |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.10 |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.8 |
| freelance-it-consultant | eu_cookie_compliance | * |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.9 |
| freelance-it-consultant | eu_cookie_compliance | 7.x-1.6 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS).This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.6 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freelance-it-consultant | eu_cookie_compliance | * |