DRUPAL-CONTRIB-2025-083

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/simple_sitemap/DRUPAL-CONTRIB-2025-083.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-083
Aliases
  • CVE-2025-6676
Published
2025-06-25T18:42:38Z
Modified
2025-12-10T23:41:32.857305Z
Summary
[none]
Details

Simple XML sitemap is an SEO module that allows creating various XML sitemaps of the site's content and submitting them to search engines.
The module doesn't sufficiently sanitize input when administering it, which leads to a Cross-site scripting (XSS) attack vector.
This vulnerability is mitigated by the fact that an attacker must have the administrative permission 'administer sitemap settings'.


Affected packages

Packagist:https://packages.drupal.org/8 / drupal/simple_sitemap

Package

Name
drupal/simple_sitemap
Purl
pkg:composer/drupal/simple_sitemap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.2
Database specific
{
    "constraint": "< 4.2.2"
}

Database specific

source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/simple_sitemap/DRUPAL-CONTRIB-2025-083.json"
affected_versions
"< 4.2.2"