CVE-2025-31679

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting (XSS).This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4.

Published: Apr 1, 2025
Updated: Jun 30, 2025
CVE: CVE-2025-31679
GHSA: GHSA-rhxm-r44m-4325
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
drupal / ignition	-	1.0.4
ignition_error_pages_project / ignition_error_pages	-	1.0.4

https://www.drupal.org/sa-contrib-2025-007

Vulnerability Database

289,599

CVE-2025-31679