DRUPAL-CONTRIB-2023-017

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/consent_popup/DRUPAL-CONTRIB-2023-017.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2023-017

Published

2023-05-31T13:18:52Z

Modified

2025-12-10T23:33:49.518949Z

Summary

[none]

Details

The Consent Popup provides a configurable popup that requires acceptance of a question before the visitor can continue, typically used for age consent.

The module doesn't sufficiently sanitizes the text on the block leading to a cross site scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create blocks.

References

https://www.drupal.org/sa-contrib-2023-017

Credits

- Mitch Portier
- - https://www.drupal.org/user/2284182

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/consent_popup

Package

Name: drupal/consent_popup
Purl: pkg:composer/drupal/consent_popup

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.0.3

Database specific

{
    "constraint": "<1.0.3"
}

Database specific

affected_versions

"<1.0.3"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/consent_popup/DRUPAL-CONTRIB-2023-017.json"