CVE-2025-9549

Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1...

CVE-2025-9550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Facets allows Cross-Site Scripting XSS.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1...

CVE-2025-9550

CVE-2025-9550 : Drupal Facets has an improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). Affected are Drupal Facets versions before 2.0.10 and before 3.0.1. Remediation is to upgrade to Facets 2.0.10+ or 3.0.1+. The CVSS 3.1 base score is 6.1 (MEDIUM)...

CVE-2025-9549 Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099

Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1...

CVE-2025-9549

Drupal Facets is affected by a Missing Authorization vulnerability enabling forceful browsing in certain older versions. Affected ranges are Facets 0.0.0 through 2.0.9 and 3.0.0 through 3.0.0; the issue is fixed by upgrading to 2.0.10+ or 3.0.1+. No exploitation details are provided in the source...

PT-2025-41617

Name of the Vulnerable Software and Affected Versions Drupal Facets versions 0.0.0 through 2.0.9 Drupal Facets versions 3.0.0 through 3.0.0 Description A missing authorization issue exists in Drupal Facets, potentially allowing forceful browsing. The issue relates to insufficient access controls...

Drupal Facets 安全漏洞

Drupal Facets is a browser plugin for the Drupal community. A security vulnerability exists in Drupal Facets version 0.0.0 up to and including version 2.0.10 and version 3.0.0 up to and including version 3.0.1, which stems from a lack of authorization and could lead to a forced browsing attack...

Drupal Facets 安全漏洞

Drupal Facets is a browser plugin for the Drupal community. A security vulnerability exists in Drupal Facets versions 0.0.0 through 2.0.10 and 3.0.0 through 3.0.1, which stems from improper input neutralization during web page generation and could lead to a cross-site scripting attack...

CVE-2024-13283

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Facets allows Cross-Site Scripting XSS.This issue affects Facets: from 0.0.0 before 2.0.9...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Facets prior to version 2.0.9, which stems from improper input neutralization during page generation, resulting in a cross-site scripting vulnerabili...

PT-2025-2098 · Drupal · Drupal Facets

Name of the Vulnerable Software and Affected Versions: Drupal Facets versions 0.0.0 through 2.0.9 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS. This can be exploited by a remote attacker to hijack a user's...