Lucene search
K

41 matches found

Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.7 views

PT-2025-27153 · Cookiebot · Cookiebot

Name of the Vulnerable Software and Affected Versions: Cookiebot versions through 4.5.8 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user...

4.3CVSS6.9AI score0.00132EPSS
Exploits0References3
NVD
NVD
added 2025/03/06 12:15 p.m.16 views

CVE-2025-1666

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3CVSS0.00319EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/06 11:11 a.m.17 views

CVE-2025-1666 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3CVSS0.00319EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/06 11:11 a.m.8 views

CVE-2025-1666 Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission

The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the senduninstallsurvey function in all versions up to, and including, 4.4.1. This makes it possible for authenticate...

4.3CVSS6.7AI score0.00319EPSS
Exploits0References3
CVE
CVE
added 2025/03/06 11:11 a.m.79 views

CVE-2025-1666

CVE-2025-1666 refers to the WordPress cookie banner plugin Cookiebot CMP by Usercentrics. The Red Hat entry and Wordfence coverage confirm a vulnerability caused by a missing capability check in send_uninstall_survey() affecting all versions up to 4.4.1, allowing authenticated attackers with Subs...

4.3CVSS6.7AI score0.00319EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/03/06 12:5 a.m.4 views

WordPress Cookiebot plugin <= 4.4.1 - Missing Authorization to Authenticated (Subscriber+) Survey Submission vulnerability

Missing Authorization to Authenticated Subscriber+ Survey Submission vulnerability discovered by Peter Thaleikis in WordPress Plugin Cookiebot versions = 4.4.1...

4.3CVSS7AI score0.00319EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.2 views

WordPress plugin Cookiebot CMP by Usercentrics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS8.6AI score0.00319EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.5 views

The vulnerability of the Cookiebot module and the GTM CMS system Drupal, which allows attackers to perform cross-site scripting attacks.

The vulnerability of the Cookiebot module and the Drupal CMS system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.2AI score0.00271EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/01/09 9:15 p.m.7 views

CVE-2024-13289

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting XSS.This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18...

5.4CVSS0.00271EPSS
Exploits0References1
OSV
OSV
added 2025/01/09 9:15 p.m.3 views

CVE-2024-13289

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting XSS.This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18...

5.4CVSS5.8AI score0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 8:15 p.m.8 views

CVE-2024-13289 Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting XSS.This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18...

6.4AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 8:15 p.m.11 views

CVE-2024-13289 Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting XSS.This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18...

0.00271EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 8:15 p.m.47 views

CVE-2024-13289

CVE-2024-13289 affects the Drupal Cookiebot + GTM module. The issue is an improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0 up to, but not including, 1.0.18. The recommended remediation is to upgrade to version 1.0.18 or ...

5.4CVSS6.6AI score0.00271EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.4 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Cookiebot + GTM prior to version 1.0.18, which stems from improper input neutralization during page generation, resulting in a cross-site scripting...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2024/10/30 5:7 p.m.6 views

DRUPAL-CONTRIB-2024-055

This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting XSS vulnerability...

5.4CVSS5.7AI score0.00271EPSS
Exploits0References1
Drupal
Drupal
added 2024/10/30 12:0 a.m.11 views

Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055

This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting XSS vulnerability...

5.4CVSS5.9AI score0.00271EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/10/30 12:0 a.m.5 views

Drupal Cookiebot + GTM module < 1.0.18 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff in WordPress Module Cookiebot + GTM versions 1.0.18...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.6 views

PT-2025-2104 · Unknown · Cookiebot + Gtm

Name of the Vulnerable Software and Affected Versions: Cookiebot + GTM versions 0.0.0 through 1.0.17 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows an attacker to conduct Cross-Site Scripting...

5.5CVSS6.6AI score0.00271EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2020/09/09 12:0 a.m.20 views

Cookiebot < 3.6.1 - CSRF & XSS

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting XSS within the admin panel, which could be exploited by using s Cross-Site Request Forgery CSRF attack...

2.2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/09/09 12:0 a.m.13 views

WordPress Cookiebot plugin <= 3.6.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Antony Garand Sucuri in WordPress Cookiebot plugin versions = 3.6.0. Solution Update the WordPress Cookiebot plugin to the latest available version at least 3.6.1...

2.5AI score
Exploits0References2Affected Software1
Rows per page
Query Builder