CNNVD-202510-1390 Information

CNNVD ID

CNNVD-202510-1390

Related CVE

CVE-2025-9550

• CNNVD Published: 2025-10-10

Description (Chinese)

Drupal Facets是Drupal社区的一个浏览器插件。 Drupal Facets 0.0.0版本至2.0.10之前版本和3.0.0版本至3.0.1之前版本存在安全漏洞，该漏洞源于网页生成期间输入中和不当，可能导致跨站脚本攻击。

Description (English)

Drupal Facets is a browser plugin for the Drupal community. There is a security loophole between Drupal Facets versions 0.0.0 and 2.0.10 and between 3.0.0 and 3.0.1, which stems from inappropriate input during web-page generation and may lead to cross-site script attacks.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-10-10

Last Modified

2026-02-24

References

https://www.drupal.org/sa-contrib-2025-100 https://vigilance.fr/vulnerability/Drupal-Facets-Cross-Site-Scripting-dated-28-08-2025-48076

Patch

https://www.drupal.org/sa-contrib-2025-100