tarteaucitron.js Cookie Banner Clickjacking Vulnerability

Vulnerability

The tarteaucitron.js cookie banner prior to version 1.20.1 improperly validates user-controlled width and height inputs. This flaw enables an attacker with high privileges to inject CSS that could cover the entire viewport, potentially leading to clickjacking attacks. The vulnerability could be exploited by overlaying malicious UI elements on top of legitimate content, tricking users into interacting with hidden elements, or disrupting the website's functionality and accessibility.

Impact

Exploitation of this vulnerability could allow for clickjacking attacks, where users are deceived into interacting with concealed elements, potentially leading to unintended actions on the website.

Remediation

Users can update to tarteaucitron.js version 1.20.1 or later, where this vulnerability has been fixed.
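
The advisory does not show the fix itself. As an added illustration (not tarteaucitron.js code and not its actual patch), the following shows the class of flaw described above and one way to allow-list width and height values before they reach a style string. All function names, defaults and sample inputs are hypothetical.

```javascript
// Added example, not tarteaucitron.js code: all names here are hypothetical.

// Before: values are concatenated into a style string as-is, so anything
// after a ';' becomes an extra CSS declaration.
function unsafeFrameStyle(width, height) {
  return 'width:' + width + ';height:' + height + ';';
}

// Exactly one CSS length token: a bounded number plus an allow-listed unit.
const CSS_LENGTH = /^\d{1,4}(?:\.\d{1,2})?(?:px|em|rem|%|vw|vh)$/;

// Return the value if it is a single length (or 'auto'), else the fallback.
function sanitizeDimension(value, fallback) {
  if (typeof value === 'number' && Number.isFinite(value) && value >= 0) {
    value = value + 'px'; // bare non-negative numbers are treated as pixels
  }
  if (typeof value !== 'string') return fallback;
  const token = value.trim().toLowerCase();
  return token === 'auto' || CSS_LENGTH.test(token) ? token : fallback;
}

// After: both values pass the allow-list before reaching the style string.
function safeFrameStyle(width, height) {
  const w = sanitizeDimension(width, '100%');
  const h = sanitizeDimension(height, 'auto');
  return 'width:' + w + ';height:' + h + ';';
}

// Constructed sample inputs (not taken from the advisory).
const samples = ['300px', ' 50% ', 250, '100px;position:fixed', 'calc(100vw)', '', -5];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', sanitizeDimension(s, 'auto'));
}
```

Anything that is not a single length token falls back to a fixed default instead of being partially cleaned, so no extra declaration can survive the check.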

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 1.9
exploitability: 5.6
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.