Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.
2014-04-29T14:38:43.843
2025-04-12T10:46:40.837
Deferred
CVSSv2: 2.1 (LOW)
AV:N/AC:H/Au:S/C:N/I:P/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | freelance-it-consultant | eu_cookie_compliance | ≤ 7.x-1.11 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.0 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.1 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.2 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.6 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.7 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.8 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.9 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.10 | Yes |
| Application | freelance-it-consultant | eu_cookie_compliance | 7.x-1.x | Yes |