Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.2 - Authenticated Stored XSS

ID WPVDB-ID:D6846774-1958-4C8D-BB64-AF0D8C46E6E7
Type wpvulndb
Reporter Asif Nawaz Minhas
Modified 2021-08-06T20:11:00


The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options.


Go to the plugin's Customize Design page and open the "Wizard menu". Now scroll down and you will find an "Info Text" field where you can inject an XSS payload like "". Click "Publish" to store the payload.