Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.drupal.org/sa-contrib-2025-034 |
![]() ![]() |
History
Tue, 02 Sep 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Baguettebox.js Project
Baguettebox.js Project baguettebox.js |
|
CPEs | cpe:2.3:a:baguettebox.js_project:baguettebox.js:*:*:*:*:*:drupal:*:* cpe:2.3:a:baguettebox.js_project:baguettebox.js:3.0.0:*:*:*:*:drupal:*:* |
|
Vendors & Products |
Baguettebox.js Project
Baguettebox.js Project baguettebox.js |
Wed, 16 Apr 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Wed, 16 Apr 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1. | |
Title | baguetteBox.js - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-034 | |
Weaknesses | CWE-79 | |
References |
|

Status: PUBLISHED
Assigner: drupal
Published:
Updated: 2025-04-16T20:17:04.797Z
Reserved: 2025-04-16T14:00:25.543Z
Link: CVE-2025-3733

Updated: 2025-04-16T20:16:57.717Z

Status : Analyzed
Published: 2025-04-16T17:15:49.840
Modified: 2025-09-02T18:38:25.940
Link: CVE-2025-3733

No data.

No data.