Cross-Site Scripting Vulnerability in Drupal Block Attributes
CVE-2025-7715
Currently unrated
What is CVE-2025-7715?
A vulnerability exists in Drupal's Block Attributes that allows for Cross-Site Scripting (XSS) due to improper input neutralization during web page generation. This affects versions from 0.0.0 before 1.1.0 and from 2.0.0 before 2.0.1, potentially enabling attackers to inject malicious scripts into web pages viewed by users.
Affected Version(s)
Block Attributes 0.0.0 < 1.1.0
Block Attributes 2.0.0 < 2.0.1