CVE-2025-13979

CVE-2025-13979: Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

Vendor Drupal
Product Mini site
Weakness CWE-267
Published January 28, 2026
Last update January 29, 2026

CVSS base score

What the vulnerability does

01Description

Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.

Explanation of Vulnerability in Simple Terms

02Summary

A privilege escalation vulnerability exists in Drupal Mini site module versions before 3.0.2. The module does not properly enforce access controls, allowing users with certain permissions to perform unauthorized actions. Site administrators should update to version 3.0.2 or later immediately.

What an attacker can do

03Attacker Capabilities

Perform unauthorized actions by bypassing access control checks in the Mini site module.

Potential impact on your site

04Site Impact

Users may be able to access or modify content they should not have permission to view or edit.

Conditions required to exploit

05Prerequisites

Attacker must have some level of access to the Drupal site; specific privilege requirements are unclear.

Key dates

06Disclosure timeline

January 28, 2026 CVE published
January 29, 2026 Record updated