Klaro Cookie & Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-080

Project: Klaro Cookie & Consent ManagementDate: 2025-June-25Security risk: Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross-site ScriptingAffected versions: <3.0.7CVE IDs: CVE-2025-5682Description: Klaro Cookie & Consent Management module is used for consent management for cookies and external sources. It makes changes to the markup to enable or disable loading.
The module doesn't sufficiently sanitize some HTML attributes allowing persistent Cross-site Scripting (XSS) attacks.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to enter HTML tags containing specific attributes.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2025-080