CVE-2025-48447 – Drupal Lightgallery Cross-Site Scripting (XSS)

June 11, 2025

CVE ID : CVE-2025-48447

Published : June 11, 2025, 3:15 p.m. | 46 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48448 – Drupal Admin Audit Trail Resource Exhaustion DoS

Next Article CVE-2025-48445 – Drupal Commerce Eurobank Redirect Authorization Bypass

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

The 5 gadgets that got me through marathons and obstacle races (and why they work)

This beastly 500W charger replaced every other charger I had – with six ports to boot

Mac Mini won’t power on? Apple will fix it for you – for free

Why I’m switching to VS Code. Hint: It’s all about AI tool integration

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

From Concept to Code: Final Year PHP Projects with Reports for Smart Submissions

Building Construction suppliers in India

Neutralinojs v6.1 released

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

Windows 11 test builds are accidentally playing the Windows Vista startup sound

Leaked: ROG Xbox Ally and Xbox Ally X pre-orders set for August, launch in October

CVE-2025-48447 – Drupal Lightgallery Cross-Site Scripting (XSS)

⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More

46,000+ Grafana Instances Exposed to Malicious Account Takeover Attacks

Adobe brings four highly-requested Premiere Pro AI features out of beta

Xbox backward compatibility isn’t dead, as VP Jason Ronald announces new open role at Microsoft — “Are you passionate about game preservation?”

CVE-2025-48368 – Group-Office DOM-Based Cross-Site Scripting Vulnerability

You can run Arch Linux in Windows now – here’s how

Larva-24005: Kimsuky’s Global Cyber Espionage Campaign Exploits RDP and Office Flaws

CVE-2025-4580 – WordPress File Provider CSRF Vulnerability

CVE-2025-3455 – WordPress 1 Click Migration Plugin Remote File Upload Vulnerability

CVE-2025-5078 – Campcodes Online Shopping Portal SQL Injection

CVE-2025-48447 – Drupal Lightgallery Cross-Site Scripting (XSS)

Related Posts