Project: 
Date: 
2023-June-28
Vulnerability: 
Cross site scripting
Affected versions: 
<6.4.0
Description: 

This module enables sites to comply with the European cookie law using tarteaucitron.js.

The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker needs additional permissions. The vulnerability can be exploited by an attacker with a role with the permission "administer tacjs" regardless of other configurations.

Solution: 

Install the latest version:

Reported By: 
Coordinated By: