CVE-2025-48922

CVE-2025-48922: GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078

Vendor Drupal

Product GLightbox

Weakness CWE-79 · XSS

Published June 26, 2025

Last update June 26, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16.

Key dates

02Disclosure timeline

June 26, 2025 CVE published

June 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-48922

Related vulnerabilities

04Related CVE

CVE-2025-23754 WordPress The Loops plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-28169 WordPress Easy Event calendar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-26539 WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-14007 dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting CVE-2024-53763 WordPress Best Addons for Elementor plugin <=1.0.5 - Stored Cross Site Scripting (XSS) vulnerability