PT-2025-2104 · Unknown · Cookiebot + Gtm

Cathy Theys +3 · Published 2024-10-30 · Updated 2025-09-02 · CVE-2024-13289

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Cookiebot + GTM versions 0.0.0 through 1.0.17

Description

The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). This allows an attacker to conduct Cross-Site Scripting attacks. The vulnerability is associated with the failure to protect the structure of web pages.

Recommendations

For versions 0.0.0 through 1.0.17, update to version 1.0.18 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable components until a patch is available. Avoid using potentially vulnerable API endpoints or parameters that may be susceptible to Cross-Site Scripting attacks until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-01168
CVE-2024-13289
DRUPAL-CONTRIB-2024-055

Affected Products

Cookiebot + Gtm