CVE-2025-6676

CVE-2025-6676: Simple XML sitemap - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-083

Vendor Drupal

Product Simple XML sitemap

Weakness CWE-79 · XSS

Published June 26, 2025

Last update June 26, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2.

Key dates

02Disclosure timeline

June 26, 2025 CVE published

June 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6676

Related vulnerabilities

04Related CVE

CVE-2024-8723 012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-6551 Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute CVE-2019-25420 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via snat CVE-2024-9173 GF Custom Style <= 2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution