CNNVD-202510-4277 Information

CNNVD ID

CNNVD-202510-4277

Related CVE

CVE-2025-12083

• CNNVD Published: 2025-10-30

Description (Chinese)

Drupal CivicTheme Design System是Drupal社区的一款主题设计插件。 Drupal CivicTheme Design System 1.12.0之前版本存在安全漏洞，该漏洞源于网页生成期间输入中和不当，可能导致跨站脚本攻击。

Description (English)

Drupal Civil Theme Design System is a thematic design plugin for the Drupal community. There was a security loophole in the pre-Drupal Civil Theme Design System 1.12.0 version, which originated from inappropriate input during web page generation and could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-10-30

Last Modified

2026-02-24

References

https://www.drupal.org/sa-contrib-2025-113 https://vigilance.fr/vulnerability/Drupal-CivicTheme-Design-System-Cross-Site-Scripting-via-1-12-0-48561

Patch

https://www.drupal.org/project/civictheme/releases