CVE-2025-47703
EPSS 0.18%
描述
The COOKIES module protects users from executing JavaScript code provided by third parties, e.g., to display ads or track user data without consent. The cookies\_asset\_injector module (a sub-module of the COOKiES module) also allows inline JavaScript to be included in consent management. However, this does not adequately check whether the provided JavaScript code originates from authorized users. A potential attacker would at least need permission to create and publish HTML (e.g. content or comments).
如何修補 CVE-2025-47703
要修補 CVE-2025-47703,請將受影響套件升級到下列已修補版本。
- Packagist/drupal/cookies—升級至 1.2.14 或更新版本
CVE-2025-47703 正在被利用嗎?
低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1.2.14