CVE-2025-3057

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-3057

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-3057.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-3057

Aliases

Published

2025-03-31T22:15:23.363Z

Modified

2025-12-02T23:13:22.938972Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

References

https://www.drupal.org/sa-core-2025-001

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

35c2f3ca5c935f3d8bde15932a712677c9bbd50f

Fixed

eb3d3ba659ca1bcc104f44c402db5b26b39531fc

Affected versions

10.*

10.0.0-alpha1

10.0.0-alpha3

10.0.0-alpha4

10.0.0-alpha5

10.1.0-alpha1

10.3.0-beta1

10.3.0-rc1

10.3.1

10.3.10

10.3.11

10.3.12

10.3.2

10.3.3

10.3.4

10.3.5

10.3.6

10.3.7

10.3.8

10.3.9

8.*

8.0.0

8.1.0-beta1

9.*

9.0.0-alpha1

9.0.0-alpha2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-3057.json"