CVE-2025-9550 Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100

🗓️ 10 Oct 2025 22:24:34Reported by drupalType

CVE-2025-9550 in Drupal Facets enables cross-site scripting due to improper input neutralization.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-9550	5 Jan 202616:05	–	circl
CNNVD	Drupal Facets 安全漏洞	10 Oct 202500:00	–	cnnvd
CVE	CVE-2025-9550	10 Oct 202522:24	–	cve
Drupal	Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100	27 Aug 202500:00	–	drupal
EUVD	EUVD-2025-33790	11 Oct 202500:30	–	euvd
NVD	CVE-2025-9550	10 Oct 202523:15	–	nvd
OSV	DRUPAL-CONTRIB-2025-100	27 Aug 202517:19	–	osv
Patchstack	Drupal Facets module < 2.0.10,3.0.0 - Authenticated Cross Site Scripting (XSS) vulnerability	27 Aug 202500:00	–	patchstack
Positive Technologies	PT-2025-41618	10 Oct 202500:00	–	ptsecurity
Vulnrichment	CVE-2025-9550 Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100	10 Oct 202522:24	–	vulnrichment

[
  {
    "collectionURL": "https://www.drupal.org/project/facets",
    "defaultStatus": "unaffected",
    "product": "Facets",
    "repo": "https://git.drupalcode.org/project/facets",
    "vendor": "Drupal",
    "versions": [
      {
        "lessThan": "2.0.10",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.1",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
drupal	www.drupal.org/sa-contrib-2025-100

10 Oct 2025 22:24Current

EPSS0.00025

CWE-79