CNNVD-202510-1507 Information

CNNVD ID

CNNVD-202510-1507

Related CVE

CVE-2025-11570

• CNNVD Published: 2025-10-10

Description (Chinese)

Drupal Unified Twig Extensions是Drupal社区的一个插件。 Drupal Unified Twig Extensions存在安全漏洞，该漏洞源于数据过滤不足，可能导致跨站脚本攻击。

Description (English)

Drupal Unified Twig Extensions is a plugin for the Drupal community. There was a security loophole in Drupal United Twig Extensions, which stemmed from inadequate data filtering and could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/drupal-pattern-lab/unified-twig-extensions/blob/862b9deccab544ca68e3aaaccc257d14acc9b1f6/example/_twig-components/functions/link.function.php%23L9 https://security.snyk.io/vuln/SNYK-PHP-DRUPALPATTERNLABUNIFIEDTWIGEXTENSIONS-8400877 https://www.drupal.org/sa-contrib-2023-041

Patch

https://www.drupal.org/sa-contrib-2023-041