Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2025-3057

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
drupal / core 8.0.0 10.3.13
drupal / core 10.4.0 10.4.3
drupal / core 11.0.0 11.0.12
drupal / core 11.1.0 11.1.3
drupal / drupal 10.4.0 10.4.3
drupal / drupal 11.0.0 11.0.12
drupal / drupal 11.1.0 11.1.3
drupal / drupal 8.0.0 10.3.13