Cross-Site Scripting Vulnerability in Drupal etracker
CVE-2025-48920
7.3 HIGH
What is CVE-2025-48920?
A Cross-Site Scripting (XSS) vulnerability exists in the etracker module for Drupal, allowing malicious users to inject harmful scripts into web pages. This vulnerability particularly affects versions of etracker prior to 3.1.0, potentially compromising the integrity of user interactions and the security of data. It emphasizes the importance of web application security and the need for timely updates to mitigate risks associated with XSS attacks.
Affected Version(s)
etracker 0.0.0 < 3.1.0
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pierre Rudloff (prudloff)
Julian Pustkuchen (anybody)
Sven Schüring (sunlix)
Juraj Nemec (poker10)
Pierre Rudloff (prudloff)
Cathy Theys (yesct)