Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/31xxx/CVE-2025-31675.json",
"cwe_ids": [
"CWE-79"
],
"cna_assigner": "drupal"
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "8.0.0"
},
{
"fixed": "10.3.14"
},
{
"introduced": "10.4.0"
},
{
"fixed": "10.4.5"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.13"
},
{
"introduced": "11.1.0"
},
{
"fixed": "11.1.5"
}
]
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "7.x-1.0"
},
{
"last_affected": "7.x-1.12"
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "8.0.0"
},
{
"fixed": "10.3.14"
},
{
"introduced": "10.4.0"
},
{
"fixed": "10.4.5"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.13"
},
{
"introduced": "11.1.0"
},
{
"fixed": "11.1.5"
}
]
}