In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Improper Authorization vulnerabilities in an interactive lesson.
Start learningUpgrade tarteaucitronjs to version 1.33.0 or higher.
tarteaucitronjs is a package that provides compliance to the European cookie law.
Affected versions of this package are vulnerable to Improper Authorization via the purgeBtn process. An attacker can cause unintended deletion of arbitrary cookies by tricking a user into clicking a crafted element with a specific data-cookie attribute. This is only exploitable if the attacker can inject HTML with data attributes and knows the name of a non-HttpOnly cookie.