CVE-2025-6677

CVE-2025-6677: Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084

Vendor Drupal

Product Paragraphs table

Weakness CWE-79 · XSS

Published June 26, 2025

Last update June 26, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5.

Key dates

02Disclosure timeline

June 26, 2025 CVE published

June 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6677 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-48870 WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability CVE-2023-33961 Leantime Stored Cross-site Scripting Vulnerability CVE-2023-24919 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2025-11834 WP AD Gallery <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-39512 Stored Cross-site Scripting on data_sources.php device name view in Cacti