Vulnerability in Tarteaucitron.js Cookie Banner Affects Custom Text Handling
CVE-2025-31475
5.5MEDIUM
What is CVE-2025-31475?
A vulnerability in the tarteaucitron.js cookie consent banner, versions prior to 1.20.1, allows attackers to exploit the addOrUpdate function due to inadequate input validation. By manipulating this function, an attacker with access to the site's source code or plugin could alter JavaScript object prototypes. This leads to significant security concerns such as data corruption, unforeseen application behavior, or even system crashes. The vulnerability can be particularly damaging, potentially introducing additional security threats depending on the application architecture, highlighting the need for immediate updates to version 1.20.1.
Affected Version(s)
tarteaucitron.js < 1.20.1
