Cross-site Scripting Vulnerability in Klaro Cookie & Consent Management by Drupal
CVE-2025-5682
4.3 MEDIUM
Key Information:
- Vendor: Drupal
- CVE Published: 26 June 2025
What is CVE-2025-5682?
The Klaro Cookie & Consent Management plugin for Drupal is vulnerable to cross-site scripting (XSS) because it improperly neutralizes input during web page generation. An attacker may be able to inject malicious scripts into web pages viewed by end users, compromising data security and user privacy. Versions prior to 3.0.7 are affected and should be updated promptly to mitigate potential exploitation.
Affected Version(s)
Klaro Cookie & Consent Management 0.0.0 < 3.0.7
CVSS V3.1
- Score: 4.3
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pierre Rudloff (prudloff)
Jan Kellermann (jan kellermann)
Greg Knaddison (greggles)
Juraj Nemec (poker10)