CVE-2025-3057

CVE-2025-3057: Drupal core - Critical - Cross site scripting - SA-CORE-2025-001

Vendor Drupal
Product Drupal core
Weakness CWE-79 · XSS
Published March 31, 2025
Last update April 1, 2025

CVSS base score

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

Key dates

02Disclosure timeline

March 31, 2025 CVE published
April 1, 2025 Record updated

Related vulnerabilities

04Related CVE