PT-2025-52495 · Orejime · Orejime

Rudloff · Published 2025-12-19 · Updated 2025-12-23 · CVE-2025-68457

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Orejime versions prior to 2.3.2
Description: Orejime, a consent manager focused on accessibility, could execute attacker-supplied script on the HTML elements it handles. Prior to version 2.3.2, when processing consent for a purpose, the software copied data attributes into their unprefixed counterparts; in particular it turned a data-href attribute into an href attribute, so a javascript: URL embedded in the data attribute became an executable link. This issue primarily affects setups where HTML can be injected into pages. The vulnerable step is the transformation of data attributes into unprefixed attributes without checking their values.
Recommendations: Update to version 2.3.2 or later. As a workaround, sanitize attributes that could carry executable code (javascript: URLs in href-like attributes) before the markup reaches Orejime.
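The following is an added example of the defensive check the recommendation calls for; it is not Orejime's code and is not the upstream fix. It assumes an application that stores per-purpose attributes as data-<name> and wants to promote them to <name> only after vetting the value. The routine works on a plain attribute map rather than a DOM node so it can be run and tested outside a browser; the attribute names and sample values are constructed for the example.

```javascript
// Added example (not Orejime's own code): promote data-* attributes to their
// unprefixed names, but refuse values that would turn into executable content.

// Attributes whose value is interpreted as a URL by the browser (assumed list).
const URL_ATTRIBUTES = new Set(["href", "src", "action", "formaction", "xlink:href"]);
// URL schemes the application is willing to emit into those attributes.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:", "tel:"]);

// Browsers drop leading/trailing C0 controls and spaces, and strip tabs and
// newlines inside a URL before parsing the scheme, so "java\tscript:" or
// " JavaScript:" must be recognised as javascript:. Normalise the same way.
function normaliseScheme(value) {
  const cleaned = String(value).replace(/[\u0000-\u0020\u007f]/g, "").toLowerCase();
  const m = cleaned.match(/^([a-z][a-z0-9+.-]*):/);
  return m ? m[1] + ":" : null;
}

// A value is safe for a URL attribute if it has no scheme (relative URL) or
// its scheme is on the allow-list. Unknown schemes are rejected, not allowed.
function isSafeUrl(value) {
  const scheme = normaliseScheme(value);
  if (scheme === null) return true;
  return SAFE_SCHEMES.has(scheme);
}

// Returns { promoted, rejected }: `promoted` maps unprefixed attribute names to
// values that are safe to set with setAttribute(); `rejected` lists the data-*
// names that were dropped because they would have produced an event handler
// or a URL attribute with a script-capable scheme.
function promoteDataAttributes(attrs) {
  const promoted = {};
  const rejected = [];
  for (const [name, value] of Object.entries(attrs)) {
    if (!name.startsWith("data-")) continue;
    const target = name.slice("data-".length).toLowerCase();
    if (target.startsWith("on")) {          // data-onclick -> onclick: never promote
      rejected.push(name);
      continue;
    }
    if (URL_ATTRIBUTES.has(target) && !isSafeUrl(value)) {
      rejected.push(name);                   // e.g. data-href="javascript:..."
      continue;
    }
    promoted[target] = value;
  }
  return { promoted, rejected };
}

// Constructed sample: the attributes of one consent-gated element.
const sampleElementAttributes = {
  "data-href": "javascript:void(0)",
  "data-src": "https://example.test/analytics.js",
  "data-onclick": "run()",
  "data-title": "Privacy policy",
  "id": "consent-link",
};

module.exports = { normaliseScheme, isSafeUrl, promoteDataAttributes, sampleElementAttributes };
```

In a browser the caller would iterate `element.attributes`, pass the name/value pairs through `promoteDataAttributes`, and call `setAttribute` only for entries in `promoted`; logging `rejected` gives a cheap detection signal for injected markup that tried to smuggle a javascript: link through a data attribute.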

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2025-68457
GHSA-72MH-HGPM-6384

Affected Products

Orejime