Cookie Banner Vulnerability in tarteaucitron.js by AmauriC
CVE-2025-31138
5.5MEDIUM
What is CVE-2025-31138?
A vulnerability was discovered in tarteaucitron.js before version 1.20.1, affecting how user-controlled inputs for element dimensions are validated. This lack of validation could allow attackers with direct access or utilizing a CMS plugin to manipulate dimensions, possibly triggering clickjacking attacks by overlaying malicious UI elements over legitimate content. This exploitation could mislead users into inadvertently interacting with hidden elements, compromising the website's functionality and user accessibility.
Affected Version(s)
tarteaucitron.js < 1.20.1
