Cross-Site Scripting Vulnerability in Drupal Bootstrap Site Alert Plugin
CVE-2025-3901

Currently unrated

Key Information:

Vendor: Drupal
Status: Bootstrap Site Alert
Vendor: CVE Published:; 23 April 2025

What is CVE-2025-3901?

The Bootstrap Site Alert plugin for Drupal is prone to a Cross-Site Scripting vulnerability that occurs due to improper handling of user input during web page generation. This flaw can allow attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and session integrity. The vulnerability impacts specific versions of the plugin before 1.13.0 and 3.0.4, necessitating immediate updates for users to secure their applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Bootstrap Site Alert 0.0.0 < 1.13.0

Bootstrap Site Alert 3.0.0 < 3.0.4

References

https://www.drupal.org/sa-contrib-2025-042

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Apr 23, 2025

Credit

Mitch Portier (arkener)

Elijah Byrd (elibyrd)

Mitch Portier (arkener)

Joseph Olstad (joseph.olstad)

Ivo Van Geertruyen (mr.baileys)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

JSON

Drupal