CVE-2025-3901 – Drupal Bootstrap Site Alert Cross-Site Scripting (XSS)

April 23, 2025

CVE ID : CVE-2025-3901

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3902 – Drupal Cross-Site Scripting (XSS)

Next Article CVE-2025-3900 – “Drupal Colorbox Cross-Site Scripting (XSS)”

Highlights

CVE-2025-5927 – Everest Forms Pro WordPress Remote File Deletion Vulnerability

June 25, 2025

CVE ID : CVE-2025-5927

Published : June 25, 2025, 10:15 a.m. | 42 minutes ago

Description : The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability requires an admin to trigger the deletion via deletion of a form entry and cannot be carried out by the attacker alone.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-3901 – Drupal Bootstrap Site Alert Cross-Site Scripting (XSS)

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

TarotCaster is an AI-powered tarot reading program

Google Quietly Flips the Switch With Android Enterprise Domain Upgrades – Check Details Here

Ambisonics Super-Resolution Using A Waveform-Domain Neural Network

CVE-2025-4318 – Amazon Amplify Studio Unvalidated Property Expression Vulnerability

CVE-2025-5927 – Everest Forms Pro WordPress Remote File Deletion Vulnerability

CISA Warns of Consilium Fire Panel Vulnerabilities Allowing Remote Takeover

snapborg synchronizes snapper snapshots to a borg repository

Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet

CVE-2025-3901 – Drupal Bootstrap Site Alert Cross-Site Scripting (XSS)

Related Posts