CVE-2025-31675MEDIUMCVSS 5.4≥ 7.x-1.0, ≤ 7.x-1.122025-03-31
CVE-2025-31675 [MEDIUM] CWE-79 CVE-2025-31675: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. It also affects the Drupal 7 module from versions 7.x-1.
cvelistv5nvd