GHSA-PR6M-QWRR-MRW9 Drupal Plausible tracking is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Plausible tracking allows Cross-Site Scripting XSS. This issue affects Plausible tracking: from 0.0.0 before 1.0.2...

CVE-2025-9954

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5...

CVE-2025-9954

Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5...

CVE-2025-10929

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

CVE-2025-10931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS.This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

CVE-2025-12083

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

CVE-2025-10929

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

CVE-2025-12083

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

CVE-2025-12082

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

CVE-2025-10930

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0...

CVE-2025-12466

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth OAuth2 & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth OAuth2 & OpenID Connect: from 6.0.0 before 6.0.7...

CVE-2025-10928

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5...

CVE-2025-10931

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS.This issue affects Umami Analytics: from 0.0.0 before 1.0.1...

CVE-2025-10928

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5...

CVE-2025-10930

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0...

CVE-2025-12466

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth OAuth2 & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth OAuth2 & OpenID Connect: from 6.0.0 before 6.0.7...

CVE-2025-10926

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal JSON Field allows Cross-Site Scripting XSS.This issue affects JSON Field: from 0.0.0 before 1.5...

CVE-2025-10927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Plausible tracking allows Cross-Site Scripting XSS.This issue affects Plausible tracking: from 0.0.0 before 1.0.2...

CVE-2025-10927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Plausible tracking allows Cross-Site Scripting XSS.This issue affects Plausible tracking: from 0.0.0 before 1.0.2...

CVE-2025-10926

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal JSON Field allows Cross-Site Scripting XSS.This issue affects JSON Field: from 0.0.0 before 1.5...