CVE-2025-3733

Published Apr 16, 2025

Last updated 2 months ago

CVSS medium 6.5

Overview

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.
Source: mlhess@drupal.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.7
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

mlhess@drupal.org: CWE-79

Hype score: Not currently trending

CVE-2025-3733 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue… https://t.co/m9eSLjtHKx
@CVEnew
16 Apr 2025
169 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.