MEDIUM
AmauriC
CVE published 2026-07-17
CVE-2026-49977
A vulnerability in tarteaucitron.js, a compliant and accessible cookie banner, was discovered prior to version 1.33.0. The issue arises from the tarteaucitron.cookie.purge() function being called on any element with the purgeBtn class without verifying if the element is a legitimate tarteaucitron button or if the cookie corresponds to a service handled by tarteaucitron. This allows an attacker to write HT [truncated]