Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055

Джерело:
Security advisories for contributed projects

Дата публікації:
30/10/2024 19:07

Постійна адреса новини:
http://www.vsinovyny.com/11408949

30/10/2024 19:07 // Security advisories for contributed projects

Project:

Date:

2024-October-30

Security risk:

Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All

Vulnerability:

Cross Site Scripting

Affected versions:

<1.0.18

Description:

This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way.

The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting (XSS) vulnerability.

Solution:

Install the latest version and review settings:

If you use the Cookiebot + GTM module for Drupal, upgrade to Cookiebot + GTM 1.0.18
Additionally, the new codebase adds validation and permission changes so admins should re-save the configuration form at /admin/config/cookiebot_gtm and confirm which roles have permission to configure the module at /admin/people/permissions.

Reported By:

Fixed By:

Coordinated By:

«	Наступна новина з архіву OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056	Попередня новина з архіву Joe Bidens angebliches »Müll«-Zitat: Kamala Harris distanziert sich	»