CVE-2024-8397

Name of the Vulnerable Software and Affected Versions: webtoffee-gdpr-cookie-consent versions prior to 2.6.1

Description: The issue allows visitors to conduct Stored Cross-Site Scripting attacks due to improper sanitization and escaping of IP headers when logging them. The payload is triggered when an administrator visits the "Consent report" page, and the malicious script is executed in the administrator's context.

Recommendations: For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Consent report" page until the update is applied.