@aurehxa/componentstest (>=1.0.0 <=1.0.1), @codesyntax/ionic-react-photo-viewer (>=1.0.0 <=1.7.0) +60 more potentially affected by CVE-2025-5092 via lightgallery (>=1.10.0 <=2.9.0)

lightgallery NPM version =1.10.0, =1.0.0, =1.0.0, =0.1.139, =2.9.6, =1.7.8, =1.0.183, =1.0.1, =0.0.1-alpha, =2.0.1, =1.0.0, =0.0.6-beta.1, =0.0.1, =3.3.0, =3.4.0 and more Source cves: CVE-2025-5092 Source advisory: SNYK:JS-LIGHTGALLERY-14101882...

Drupal Lightgallery Cross-site Scripting vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Lightgallery allows Cross-Site Scripting XSS. This issue affects Lightgallery: from 0.0.0 before 1.6.0...

CVE-2025-48447

CVE-2025-48447 affects Drupal Lightgallery prior to 1.6.0. The issue is described as improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.6.0, with remediation to update to 1.6.0 or later (per PT-2025-25222). Publi...