CVE-2025-47704

CVE-2025-47704: Klaro Cookie & Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-050

Vendor Drupal

Product Klaro Cookie & Consent Management

Weakness CWE-79 · XSS

Published May 14, 2025

Last update May 20, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5.

Key dates

02Disclosure timeline

May 14, 2025 CVE published

May 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-47704 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-1090 Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting CVE-2026-6809 Social Post Embed <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Threads Embed CVE-2025-7056 Stored XSS in UrlShortener CVE-2024-6344 ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting CVE-2021-34590 Bender Charge Controller: Cross-site Scripting