CVE-2025-13983

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13983

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13983.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-13983

Aliases

DRUPAL-CONTRIB-2025-121

Published

2026-01-28T20:16:07.677Z

Modified

2026-02-05T09:55:20.370806Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44.

References

https://www.drupal.org/sa-contrib-2025-121

Affected packages

Git / git.drupalcode.org/project/tagify

Affected ranges

Type: GIT
Repo: https://git.drupalcode.org/project/tagify
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6ac2488ce435eec8f0edcafff2d9912a1e71fe2e

Affected versions

1.*

1.0.0-beta1

1.0.1-beta1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.2-beta1

1.0.20

1.0.21

1.0.22

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.21

1.1.23

1.1.24

1.2.0

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

1.2.16

1.2.17

1.2.18

1.2.19

1.2.2

1.2.20

1.2.21

1.2.22

1.2.23

1.2.24

1.2.25

1.2.26

1.2.27

1.2.28

1.2.29

1.2.3

1.2.30

1.2.31

1.2.32

1.2.33

1.2.34

1.2.35

1.2.36

1.2.37

1.2.38

1.2.39

1.2.4

1.2.40

1.2.41

1.2.42

1.2.43

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13983.json"