CVE-2025-48915

EPSS 0.40%

Published: 5/28/2025Modified: 12/10/2025

Also known as:DRUPAL-CONTRIB-2025-076

Description

The COOKIES module protects users from executing JavaScript code provided by third parties, e.g., to display ads or track user data without consent. Each sub-module allows to include a specific third party service in the consent management, by controlling the execution of javascript. However, this does not adequately check whether the provided JavaScript code originates from authorized users. A potential attacker would at least need permission to create and publish HTML (e.g. content or comments).

Affected packages (1)

Packagist/drupal/cookiesfrom 0, < 1.2.15

References (1)

WEBhttps://www.drupal.org/sa-contrib-2025-076