TacJS - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-016

Project: TacJS
Date: 2024-March-27
Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Affected versions: <6.5.0
Description: This module enables sites to comply with the European cookie law using tarteaucitron.js.
The module doesn't sufficiently filter user-supplied markup inside of content leading to a persistent Cross Site Scripting (XSS) vulnerability. More details are available in CVE-2023-3620.
This vulnerability is mitigated by the fact that an attacker needs to be able to write content in the page, a feature commonly available on Drupal sites.

Solution: Install the latest version:

  • If you use the tacjs module for Drupal 8.x, upgrade to tacjs 8.x-6.5

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-016