
CVE-2025-6677 – Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084
https://notcve.org/view.php?id=CVE-2025-6677
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5. • https://www.drupal.org/sa-contrib-2025-084 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-6676 – Simple XML sitemap - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-083
https://notcve.org/view.php?id=CVE-2025-6676
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2. • https://www.drupal.org/sa-contrib-2025-083 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-6675 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082
https://notcve.org/view.php?id=CVE-2025-6675
26 Jun 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*. • https://www.drupal.org/sa-contrib-2025-082 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVE-2025-6674 – CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081
https://notcve.org/view.php?id=CVE-2025-6674
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3. • https://www.drupal.org/sa-contrib-2025-081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-5682 – Klaro Cookie & Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-080
https://notcve.org/view.php?id=CVE-2025-5682
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7. • https://www.drupal.org/sa-contrib-2025-080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-48921 – Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079
https://notcve.org/view.php?id=CVE-2025-48921
26 Jun 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13. • https://www.drupal.org/sa-contrib-2025-079 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-48922 – GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078
https://notcve.org/view.php?id=CVE-2025-48922
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16. • https://www.drupal.org/sa-contrib-2025-078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-48923 – Toc.js - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-077
https://notcve.org/view.php?id=CVE-2025-48923
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1. • https://www.drupal.org/sa-contrib-2025-077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-48915 – COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076
https://notcve.org/view.php?id=CVE-2025-48915
13 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15. • https://www.drupal.org/sa-contrib-2025-076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-48914 – COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-075
https://notcve.org/view.php?id=CVE-2025-48914
13 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15. • https://www.drupal.org/sa-contrib-2025-075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •