Cross-Site Scripting Vulnerability in Simple Klaro by Drupal
CVE-2025-48919

5MEDIUM

Key Information:

Vendor: Drupal
Status: Simple Klaro
Vendor: CVE Published:; 13 June 2025

What is CVE-2025-48919?

A Cross-Site Scripting (XSS) vulnerability exists in Simple Klaro, a module for Drupal, allowing attackers to inject malicious scripts into web pages. This security flaw impacts all versions from 0.0.0 up to but not including 1.10.0, potentially compromising user data and the integrity of the web application.

Affected Version(s)

Simple Klaro 0.0.0 < 1.10.0

References

https://www.drupal.org/sa-contrib-2025-073

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2025
Vulnerability Reserved
May 28, 2025

Credit

Pierre Rudloff (prudloff)

Norman Kämper-Leymann (norman.lol)

Juraj Nemec (poker10)

Pierre Rudloff (prudloff)

Cathy Theys (yesct)