CVE-2025-7392

CVE-2025-7392: Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087

Vendor Drupal

Product Cookies Addons

Weakness CWE-79 · XSS

Published July 21, 2025

Last update July 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookies Addons allows Cross-Site Scripting (XSS).This issue affects Cookies Addons: from 1.0.0 before 1.2.4.

Key dates

02Disclosure timeline

July 21, 2025 CVE published

July 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7392 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-24754 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting CVE-2025-0811 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab CVE-2025-22661 WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-47612 XSS in Special:DataDump when displaying dump status CVE-2024-5901 SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget