CVE-2025-47703: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent Management
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14.
AI Analysis
Technical Summary
CVE-2025-47703 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Drupal COOKiES Consent Management module in versions prior to 1.2.14. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious actors to inject and execute arbitrary scripts in the context of a victim's browser. Specifically, the module processes user input or parameters related to cookie consent management without adequately sanitizing or encoding that data before rendering it on web pages. The vulnerability has a CVSS 3.1 base score of 6.1, a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) shows that the attack can be launched remotely over the network with low attack complexity and no privileges, but does require user interaction (e.g., the victim must click a crafted link). The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component, and the impact is limited to partial confidentiality and integrity loss, with no impact on availability. No known exploits are currently reported in the wild. The vulnerability was published on May 14, 2025, and affects versions from 0.0.0 up to but not including 1.2.14. Drupal COOKiES Consent Management is a module used to manage cookie consent banners and compliance with privacy regulations such as GDPR. The vulnerability could be exploited to steal session tokens, perform actions on behalf of users, or manipulate displayed content, potentially leading to phishing or other social engineering attacks within affected Drupal sites.
Potential Impact
For European organizations, this vulnerability poses a significant risk given the widespread use of Drupal as a content management system and the legal importance of cookie consent management under GDPR. Exploitation could lead to unauthorized disclosure of user data (confidentiality impact) and manipulation of web content (integrity impact), undermining user trust and potentially causing regulatory non-compliance issues. Attackers could leverage XSS to hijack user sessions, steal cookies, or conduct targeted phishing attacks, which is particularly concerning for organizations handling sensitive personal data. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to trigger the exploit. The scope change indicates that the vulnerability could affect multiple components or user sessions beyond the initial point of compromise. This could impact sectors such as finance, healthcare, government, and e-commerce, where Drupal is commonly deployed and where cookie consent management is critical for compliance. Additionally, reputational damage and potential fines under GDPR could be severe if personal data is compromised due to this vulnerability.
Mitigation Recommendations
European organizations should prioritize updating the Drupal COOKiES Consent Management module to version 1.2.14 or later, where the vulnerability is patched. Until the update is applied, organizations should implement strict Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of XSS attacks. Web Application Firewalls (WAFs) should be configured to detect and block common XSS payloads targeting the consent management endpoints. Organizations should audit their Drupal sites to identify usage of the vulnerable module and monitor logs for suspicious activity or attempted exploitation. User awareness training should emphasize caution with unsolicited links or unexpected prompts related to cookie consent. Additionally, consider implementing input validation and output encoding at the application level for any customizations interacting with the consent management module. Regular vulnerability scanning and penetration testing focused on XSS vectors in Drupal environments will help detect residual or related issues. Finally, ensure incident response plans include procedures for handling XSS incidents and potential data breaches stemming from such vulnerabilities.
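The two application-level controls recommended above, context-aware output encoding and a strict Content Security Policy, are illustrated below. This is an added example and not code from the COOKiES module, from Drupal or from this analysis; the advisory does not identify the specific field the module fails to encode, so the banner fields (`title`, `message`, `policy_url`), the payload values, the script path and the function names are all constructed for the illustration. The mechanics are shown in plain Python so they run stand-alone; in a Drupal module the equivalent is to keep Twig autoescaping in place (never `|raw` on untrusted values), use `\Drupal\Component\Utility\Html::escape()` for strings assembled in PHP, and emit the CSP header from the HTTP response.

```python
import html
import secrets
from urllib.parse import urlsplit

# Constructed sample: consent-banner settings treated as untrusted input.
# Field names are assumptions for this illustration, not the module's schema.
UNTRUSTED_SETTINGS = {
    "title": "Cookies <script>alert(1)</script>",
    "message": 'We use cookies. " onmouseover="alert(2)',
    "policy_url": "javascript:alert(3)",
}


def render_banner_unsafe(settings: dict) -> str:
    """'Before' pattern (CWE-79): values are concatenated into markup verbatim,
    so element text, attribute values and the href all accept injected content."""
    return (
        f'<div class="consent" title="{settings["message"]}">'
        f'<h2>{settings["title"]}</h2>'
        f'<a href="{settings["policy_url"]}">Privacy policy</a>'
        "</div>"
    )


def safe_href(url: str) -> str:
    """Accept absolute http(s) URLs or site-relative paths; anything else
    (javascript:, data:, protocol-relative //host) falls back to '#'."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ("http", "https"):
        return html.escape(url, quote=True)
    if (parts.scheme == "" and parts.netloc == ""
            and url.startswith("/") and not url.startswith("//")):
        return html.escape(url, quote=True)
    return "#"


def render_banner_safe(settings: dict) -> str:
    """Hardened form: every value is encoded for the HTML context it lands in.
    html.escape(quote=True) covers both element text and double-quoted
    attributes; URLs additionally go through a scheme allow-list."""
    title = html.escape(settings.get("title", ""), quote=True)
    message = html.escape(settings.get("message", ""), quote=True)
    href = safe_href(settings.get("policy_url", ""))
    return (
        f'<div class="consent" title="{message}">'
        f"<h2>{title}</h2>"
        f'<a href="{href}">Privacy policy</a>'
        "</div>"
    )


def build_csp(nonce: str) -> str:
    """Strict CSP: same-origin scripts plus inline/external scripts carrying this
    response's nonce. An injected <script> without the nonce is refused by the
    browser even if an encoding step is missed somewhere else on the page."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'; frame-ancestors 'self'"
    )


def render_response(settings: dict) -> tuple[dict, str]:
    """Return (headers, body) for a page embedding the safe banner and the
    consent script tagged with a fresh per-response nonce. The script path is
    a placeholder, not the module's real asset path."""
    nonce = secrets.token_urlsafe(16)
    headers = {"Content-Security-Policy": build_csp(nonce)}
    body = (
        "<!doctype html><html><body>"
        + render_banner_safe(settings)
        + f'<script nonce="{nonce}" src="/path/to/consent.js"></script>'
        + "</body></html>"
    )
    return headers, body


if __name__ == "__main__":
    print("unsafe:", render_banner_unsafe(UNTRUSTED_SETTINGS))
    print("safe:  ", render_banner_safe(UNTRUSTED_SETTINGS))
    hdrs, _ = render_response(UNTRUSTED_SETTINGS)
    print("CSP:   ", hdrs["Content-Security-Policy"])
```

The nonce-based policy is the part that keeps working while the module is still unpatched: encoding fixes only the sinks you control, whereas the header is enforced by the browser for every inline script on the page, including ones the vulnerable module may emit.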
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: drupal
- Date Reserved: 2025-05-07T16:02:44.264Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0f71484d88663aeae5e
Added to database: 5/20/2025, 6:59:03 PM
Last enriched: 7/11/2025, 1:04:40 PM
Last updated: 8/17/2025, 9:41:19 AM