CVE-2025-47703
📋 TL;DR
This Cross-Site Scripting (XSS) vulnerability in Drupal's COOKiES Consent Management module allows attackers to inject malicious scripts into web pages. When exploited, these scripts execute in victims' browsers, potentially stealing session cookies, redirecting users, or performing actions on their behalf. All Drupal sites using vulnerable versions of the COOKiES Consent Management module are affected.
💻 Affected Systems
- Drupal COOKiES Consent Management
📦 What is this software?
Cookies Consent Manager by Cookies Consent Manager Project
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full administrative access to the Drupal site, install backdoors, exfiltrate sensitive data, or deface the website.
Likely Case
Attackers steal user session cookies to hijack accounts, redirect users to phishing sites, or perform actions on behalf of authenticated users.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before reaching users' browsers, preventing exploitation.
🎯 Exploit Status
XSS vulnerabilities typically have low exploitation complexity, especially when unauthenticated exploitation is possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.14
Vendor Advisory: https://www.drupal.org/sa-contrib-2025-049
Restart Required: No
Instructions:
1. Log into the Drupal admin panel.
2. Navigate to Extend > Update.
3. Check for available updates.
4. Update the COOKiES Consent Management module to version 1.2.14.
5. Clear Drupal caches.
🔧 Temporary Workarounds
Disable COOKiES Consent Management Module
Temporarily uninstall the vulnerable module until patching is possible. Drupal 8 and later have no "disabled" state for modules, so the old pm-disable command does not apply; use pm:uninstall with the machine name that drush pm:list reports for the module (the name below is the one given on this page):
drush pm:uninstall cookies_consent_management
Implement Content Security Policy
Add CSP headers to restrict script execution sources; a policy whose script-src does not include 'unsafe-inline' blocks the injected inline scripts this class of XSS relies on.
Add a 'Content-Security-Policy' header to the web server configuration
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads
- Enable Drupal's built-in XSS protection features and ensure input validation is enforced
🔍 How to Verify
Check if Vulnerable:
Check Drupal admin panel at Extend > Installed modules for COOKiES Consent Management version.
Check Version:
drush pm-list --fields=name,version | grep cookies_consent_management
Verify Fix Applied:
Confirm module version is 1.2.14 or higher in Drupal admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests with script tags or JavaScript payloads to module endpoints
- Multiple failed XSS attempts in web server logs
Network Indicators:
- HTTP requests containing <script>, javascript:, or encoded XSS payloads
SIEM Query:
source="web_server_logs" AND ("<script>" OR "javascript:" OR "onload=" OR "onerror=") AND uri="*cookies*"