NotCVE - vendor:"Drupal" product:"Drupal Core" version:" >= 11.1.0

4 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2025-31675 – Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004

https://notcve.org/view.php?id=CVE-2025-31675

31 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. • https://www.drupal.org/sa-core-2025-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2025-31674 – Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003

https://notcve.org/view.php?id=CVE-2025-31674

31 Mar 2025 — Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. • https://www.drupal.org/sa-core-2025-003 • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2025-31673 – Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002

https://notcve.org/view.php?id=CVE-2025-31673

31 Mar 2025 — Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. • https://www.drupal.org/sa-core-2025-002 • CWE-863: Incorrect Authorization •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2025-3057 – Drupal core - Critical - Cross site scripting - SA-CORE-2025-001

https://notcve.org/view.php?id=CVE-2025-3057

31 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. • https://www.drupal.org/sa-core-2025-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •