CVE-2025-6676 | THREATINT

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2.

PUBLISHED Reserved 2025-06-25 | Published 2025-06-26 | Updated 2025-06-26 | Assigner drupal

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status

unaffected

0.0.0 (semver) before 4.2.2

affected

Credits

Nick Vanpraet (grayle) finder

David Rothstein (David_Rothstein) remediation developer

Pawel Ginalski (gbyte) remediation developer

Greg Knaddison (greggles) coordinator

Michael Hess (mlhess) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2025-083

cve.org (CVE-2025-6676)

nvd.nist.gov (CVE-2025-6676)

Download JSON