Security advisories

This module provides a format filter, which allows you to "disable" certain HTML elements (e.g. remove their src attribute) specified by the user. These elements will be enabled again, once the COOKiES banner is accepted.

The module doesn't sufficiently check whether to convert "data-src" attributes to "src" when their value might contain malicious content under the scenario, that module specific classes are set on the HTML element.

The "Simple Klaro" module adds the "Klaro! A Simple Consent Manager" to your website and allows you to configure it according to your needs in the Drupal backend.

The module doesn't sufficiently sanitise data attributes allowing persistent Cross Site Scripting (XSS) attacks.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to enter HTML tags containing specific data attributes.

The "Simple Klaro" module adds the "Klaro! A Simple Consent Manager" to your website and allows you to configure it according to your needs in the Drupal backend.

The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for the permission to be granted too broadly. A malicious admin could execute a Cross Site Scripting (XSS) attack.

This vulnerability is mitigated by the fact that an attacker must have a role with the "administer simple klaro" permission.

This module integrates Drupal with LightGallery, enabling the use of the LightGallery library with any image field or view.

The module does not adequately sanitize user input in the image field’s "alt" attribute, potentially allowing cross-site scripting (XSS) attacks when tags or scripts are inserted.

This vulnerability is partially mitigated by the requirement that an attacker must have permission to create content containing an image field configured to use the LightGallery format.