This module enables sites to comply with the European cookie law using tarteaucitron.js.
The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker needs additional permissions. The vulnerability can be exploited by an attacker with a role with the permission "administer tacjs" regardless of other configurations.
Install the latest version:
- If you use the tacjs alert module, upgrade to tacjs 8.x-6.4
- Damien McKenna of the Drupal Security Team
- Cathy Theys of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team