Home

Description

Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.

PUBLISHED Reserved 2025-12-03 | Published 2026-01-28 | Updated 2026-01-29 | Assigner drupal

Problem types

CWE-267 Privilege Defined With Unsafe Actions

Product status

Default status
unaffected

0.0.0 (semver) before 3.0.2
affected

Credits

Pierre Rudloff (prudloff) finder

cb_govcms remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

Pierre Rudloff (prudloff) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2025-117

cve.org (CVE-2025-13979)

nvd.nist.gov (CVE-2025-13979)

Download JSON