XSS Vulnerability in Tarteaucitron Cookie Banner by AmauriC
CVE-2025-31476
4.8MEDIUM
What is CVE-2025-31476?
A cross-site scripting vulnerability was found in tarteaucitron.js, a cookie banner solution that ensures compliance and accessibility. This flaw allowed users with high privileges to inject links with insecure schemes, such as 'javascript:alert()'. The inadequate validation of URLs could lead to arbitrary JavaScript execution. Consequently, if a victim clicked on a maliciously crafted link, it could facilitate unauthorized access, the theft of sensitive data via phishing tactics, or manipulation of the site's user interface. The vulnerability has been addressed in version 1.20.1.
Affected Version(s)
tarteaucitron.js < 1.20.1
