Facets Security Vulnerabilities and Issues — Facets CVE List

Facets ProjectFacets

3 matches found

CVE•added 2025/01/09 7:36 p.m.•43 views

CVE-2024-13283

CVE-2024-13283 covers a Cross‑Site Scripting vulnerability in the Drupal Facets module caused by improper input neutralization during page generation. Affected: Facets versions 0.0.0 through 2.0.9. Impact: potential XSS (per CVE details and associated advisories). Remediation: upgrade to a versio...

6.1CVSS6.5AI score0.00224EPSS

CVE•added 2025/10/10 10:24 p.m.•15 views

CVE-2025-9550

CVE-2025-9550 : Drupal Facets has an improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). Affected are Drupal Facets versions before 2.0.10 and before 3.0.1. Remediation is to upgrade to Facets 2.0.10+ or 3.0.1+. The CVSS 3.1 base score is 6.1 (MEDIUM)...

6.1CVSS5.5AI score0.00177EPSS

CVE•added 2025/10/10 10:24 p.m.•10 views

CVE-2025-9549

Drupal Facets is affected by a Missing Authorization vulnerability enabling forceful browsing in certain older versions. Affected ranges are Facets 0.0.0 through 2.0.9 and 3.0.0 through 3.0.0; the issue is fixed by upgrading to 2.0.10+ or 3.0.1+. No exploitation details are provided in the source...

6.5CVSS6.6AI score0.00185EPSS