Cross-Site Scripting Vulnerability in Formatter Suite by Drupal
CVE-2025-31697

6.1 MEDIUM

Key Information:

Vendor: Drupal
CVE Published: 31 March 2025

Summary

The Formatter Suite for Drupal contains a vulnerability that allows for Cross-Site Scripting (XSS) attacks due to improper input neutralization during web page generation. This flaw can enable attackers to inject malicious scripts into web pages that are viewed by users, compromising user data and potentially leading to unauthorized actions on behalf of users. Affected versions include all versions prior to 2.1.0. Security improvements are crucial to prevent exploitation.

Affected Version(s)

Formatter Suite 0.0.0 < 2.1.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Wehner (dawehner)
Joseph Zhao (pandaski)
Benji Fisher (benjifisher)
Bram Driesen (bramdriesen)
cyoun
Lee Rowlands (larowlan)
Greg Knaddison (greggles)
Drew Webber (mcdruid)
Juraj Nemec (poker10)