Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2025-31675

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
drupal / core 8.0.0 10.3.14
drupal / core 10.4.0 10.4.5
drupal / core 11.0.0 11.0.13
drupal / core 11.1.0 11.1.5
drupal / drupal 10.4.0 10.4.5
drupal / drupal 11.0.0 11.0.13
drupal / drupal 11.1.0 11.1.5
drupal / drupal 8.0.0 10.3.14