CVE-2025-48918

CVE-2025-48918: Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-071

Vendor Drupal

Product Simple Klaro

Weakness CWE-79 · XSS

Published June 13, 2025

Last update June 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0.

Key dates

02Disclosure timeline

June 13, 2025 CVE published

June 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-48918

Related vulnerabilities

04Related CVE

CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings CVE-2024-5583 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function CVE-2022-4902 eXo Chat Application Mention ExoChatMessageComposer.vue cross site scripting CVE-2025-9388 Scada-LTS watch_list.shtm cross site scripting