CVE-2025-13983

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-13983

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13983.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-13983

Aliases

DRUPAL-CONTRIB-2025-121

Published

2026-01-28T20:16:07.677Z

Modified

2026-03-12T17:37:46.439965Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44.

References

https://www.drupal.org/sa-contrib-2025-121

Affected packages

Git / git.drupalcode.org/project/tagify

Affected ranges

Type

GIT

Repo

https://git.drupalcode.org/project/tagify

Events

Introduced

Fixed

6ac2488ce435eec8f0edcafff2d9912a1e71fe2e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.44"
        }
    ]
}

Affected versions

1.*

1.0.0-beta1

1.0.1-beta1

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.2-beta1

1.0.20

1.0.21

1.0.22

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.21

1.1.23

1.1.24

1.2.0

1.2.1

1.2.10

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

1.2.16

1.2.17

1.2.18

1.2.19

1.2.2

1.2.20

1.2.21

1.2.22

1.2.23

1.2.24

1.2.25

1.2.26

1.2.27

1.2.28

1.2.29

1.2.3

1.2.30

1.2.31

1.2.32

1.2.33

1.2.34

1.2.35

1.2.36

1.2.37

1.2.38

1.2.39

1.2.4

1.2.40

1.2.41

1.2.42

1.2.43

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13983.json"