Code Execution Vulnerability in Orejime Consent Manager by Boscop
CVE-2025-68457

1.7LOW

Key Information:

Vendor

Boscop-fr

Status
Orejime
Vendor
CVE Published:
19 December 2025

What is CVE-2025-68457?

The Orejime consent manager, utilized for handling user consent in an accessible manner, has a vulnerability that permits the execution of malicious JavaScript code through manipulated data attributes. Specifically, in versions before 2.3.2, attackers could inject HTML containing javascript: links, which Orejime mistakenly converts into executable attributes upon user consent confirmation. Although this risk is minimal under typical circumstances, it becomes significant if an attacker gains the ability to insert HTML into pages. The issue has been addressed in version 2.3.2, and user mitigation can be achieved by sanitizing data attributes to eliminate potential script execution.

Affected Version(s)

orejime < 2.3.2

References

https://github.com/boscop-fr/orejime/security/advisories/...
x_refsource_CONFIRM
https://github.com/boscop-fr/orejime/issues/142
x_refsource_MISC
https://github.com/boscop-fr/orejime/pull/143
x_refsource_MISC

CVSS V4

Score:
1.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-68457 : Code Execution Vulnerability in Orejime Consent Manager by Boscop