CVE-2025-10927

CVE-2025-10927: Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107

Vendor Drupal

Product Plausible tracking

Weakness CWE-79 · XSS

Published October 29, 2025

Last update October 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS).This issue affects Plausible tracking: from 0.0.0 before 1.0.2.

Key dates

02Disclosure timeline

October 29, 2025 CVE published

October 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10927

Related vulnerabilities

04Related CVE

CVE-2024-6391 oik <= 4.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via bw_button Shortcode CVE-2024-51924 WordPress WP Agenda plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability CVE-2023-47662 WordPress Live Gold Price & Silver Price Charts Widgets Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS) CVE-2026-4394 Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field CVE-2023-3005 SourceCodester Local Service Search Engine Management System POST Parameter cross site scripting