CVE-2025-3902 – Drupal Cross-Site Scripting (XSS)

April 23, 2025

CVE ID : CVE-2025-3902

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Block Class allows Cross-Site Scripting (XSS).This issue affects Block Class: from 4.0.0 before 4.0.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3903 – Drupal UEditor – 百度编辑器 File Inclusion Vulnerability

Next Article CVE-2025-3901 – Drupal Bootstrap Site Alert Cross-Site Scripting (XSS)

Highlights

CVE-2025-6196 – Libgepub EPUB File Processing Memory Corruption

June 17, 2025

CVE ID : CVE-2025-6196

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-3902 – Drupal Cross-Site Scripting (XSS)

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

CVE-2025-9132 – Google Chrome V8 Out-of-Bounds Heap Corruption Vulnerability

AI Software Development 101: What Business Leaders Need to know

The Elder Scrolls 4: Oblivion Remastered review roundup — Here’s what critics had to say for this remastered edition of one of Bethesda’s classic RPGs

Quantum Systems raises €160M for AI-powered aerial intelligence

CVE-2025-6196 – Libgepub EPUB File Processing Memory Corruption

CVE-2025-30408 – Acronis Cyber Protect Cloud Agent Windows Privilege Escalation

CVE-2025-3925 – BrightSign Players Privilege Escalation Vulnerability

Microsoft Confirms Chinese Threat Groups Exploited SharePoint Server Vulnerabilities

CVE-2025-3902 – Drupal Cross-Site Scripting (XSS)

Related Posts