CVE-2025-48917

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS).This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.drupal.org/sa-contrib-2025-072	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance:*:*:*:*:*:drupal:*:*

History

08 Jul 2025, 20:35

Type	Values Removed	Values Added
First Time		Freelance-it-consultant Freelance-it-consultant eu Cookie Compliance
References	~~() https://www.drupal.org/sa-contrib-2025-072 -~~	() https://www.drupal.org/sa-contrib-2025-072 - Third Party Advisory
CPE		cpe:2.3:a:freelance-it-consultant:eu_cookie_compliance::::::drupal::*

16 Jun 2025, 12:32

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Drupal EU Cookie Compliance (GDPR Compliance) permite Cross-Site Scripting (XSS). Este problema afecta a EU Cookie Compliance (GDPR Compliance): desde la versión 0.0.0 hasta la 1.26.0.

13 Jun 2025, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.0

13 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-13 16:15

Updated : 2025-07-08 20:35

NVD link : CVE-2025-48917

Mitre link : CVE-2025-48917

CVE.ORG link : CVE-2025-48917

JSON object : View

Products Affected

freelance-it-consultant

eu_cookie_compliance

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.0 /10