CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47707 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053
https://notcve.org/view.php?id=CVE-2025-47707
14 May 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-053 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47706 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052
https://notcve.org/view.php?id=CVE-2025-47706
14 May 2025 — Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-052 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47705 – IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051
https://notcve.org/view.php?id=CVE-2025-47705
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5. • https://www.drupal.org/sa-contrib-2025-051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47704 – Klaro Cookie & Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-050
https://notcve.org/view.php?id=CVE-2025-47704
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5. • https://www.drupal.org/sa-contrib-2025-050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47703 – COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-049
https://notcve.org/view.php?id=CVE-2025-47703
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14. • https://www.drupal.org/sa-contrib-2025-049 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47702 – oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048
https://notcve.org/view.php?id=CVE-2025-47702
14 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2. • https://www.drupal.org/sa-contrib-2025-048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47701 – Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
https://notcve.org/view.php?id=CVE-2025-47701
14 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0. • https://www.drupal.org/sa-contrib-2025-047 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3907 – Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046
https://notcve.org/view.php?id=CVE-2025-3907
23 Apr 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9. • https://www.drupal.org/sa-contrib-2025-046 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3902 – Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043
https://notcve.org/view.php?id=CVE-2025-3902
23 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1. • https://www.drupal.org/sa-contrib-2025-043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3901 – Bootstrap Site Alert - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-042
https://notcve.org/view.php?id=CVE-2025-3901
23 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4. • https://www.drupal.org/sa-contrib-2025-042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •