Cross-Site Scripting Vulnerability in Drupal EU Cookie Compliance Plugin
CVE-2025-48917

5MEDIUM

Key Information:

Vendor

Drupal
Status
Eu Cookie Compliance (gdpr Compliance)
Vendor
CVE Published:
13 June 2025

What is CVE-2025-48917?

A vulnerability in the Drupal EU Cookie Compliance plugin allows for the improper neutralization of input during web page generation, leading to potential cross-site scripting (XSS) attacks. This flaw can enable attackers to inject malicious scripts into web pages viewed by users, compromising their security and privacy. It affects versions from 0.0.0 up to, but not including, 1.26.0, necessitating immediate updates to safeguard against exploitation.

Affected Version(s)

EU Cookie Compliance (GDPR Compliance) 0.0.0 < 1.26.0

References

https://www.drupal.org/sa-contrib-2025-072

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Rudloff (prudloff)
Grant McEwan (atowl)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
Cathy Theys (yesct)
.
CVE-2025-48917 : Cross-Site Scripting Vulnerability in Drupal EU Cookie Compliance Plugin