DRUPAL-CONTRIB-2025-042

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/bootstrap_site_alert/DRUPAL-CONTRIB-2025-042.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-042
Aliases
  • CVE-2025-3901
Published
2025-04-23T16:58:51Z
Modified
2025-12-10T23:41:28.207861Z
Summary
[none]
Details

This module enables you to put a site wide bootstrap themed alert message on the top of every page.

The module doesn't sufficiently filter text input when leading to a possible XSS attacks.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer bootstrap site alerts".

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/bootstrap_site_alert

Package

Name
drupal/bootstrap_site_alert
Purl
pkg:composer/drupal/bootstrap_site_alert

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.0
Database specific 
{
    "constraint": "<1.13.0"
}
Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.4
Database specific 
{
    "constraint": ">=3.0.0 <3.0.4"
}

Database specific

affected_versions 
"<1.13.0 || >=3.0.0 <3.0.4"
source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/bootstrap_site_alert/DRUPAL-CONTRIB-2025-042.json"