Cross-Site Scripting Vulnerability in Drupal Link Field Formatter
CVE-2025-31695
6.1 MEDIUM
Key Information:
- Vendor: Drupal
- CVE Published: 31 March 2025
Summary
Improper neutralization of input during web page generation in the Drupal Link field display mode formatter can lead to cross-site scripting attacks. The vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially compromising their sensitive information. The issue affects Link field display mode formatter versions prior to 1.6.0. For comprehensive details and mitigation strategies, see the official Drupal security advisory.
Affected Version(s)
Link field display mode formatter 0.0.0 < 1.6.0
CVSS V3.1
- Score: 6.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Daniel Wehner (dawehner)
Joseph Zhao (pandaski)
Benji Fisher (benjifisher)
Rodrigo Aguilera (rodrigoaguilera)
Bram Driesen (bramdriesen)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)