4 matches found
tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability
Summary A potential Regular Expression Denial of Service ReDoS vulnerability was identified in tarteaucitron.js in the handling of the issuuid parameter. Details The issue was caused by the use of insufficiently constrained regular expressions applied to attacker-controlled input: if...
tarteaucitron.js 安全漏洞
tarteaucitron.js is a cookie manager for the Amauri CHAMPEAUX individual developer. A security vulnerability exists in tarteaucitron.js versions prior to 1.20.1, which stems from insufficient validation of inputs to the addOrUpdate function and could lead to prototype contamination...
DRUPAL-CONTRIB-2024-016
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to a persistent Cross Site Scripting XSS vulnerability. More details are available in CVE-2023-3620. This vulnerability is...
CVE-2021-36887
Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin versions = 1.5.4, vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass"...