CVE-2025-6677

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.drupal.org/sa-contrib-2025-084	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:paragraphs_table_project:paragraphs_table:*:*:*:*:*:drupal:*:*

History

11 Jul 2025, 14:24

Type	Values Removed	Values Added
References	~~() https://www.drupal.org/sa-contrib-2025-084 -~~	() https://www.drupal.org/sa-contrib-2025-084 - Vendor Advisory
Summary		(es) La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Drupal Paragraphs table permite Cross-Site Scripting (XSS). Este problema afecta a la tabla de párrafos: desde la versión 2.0.0 hasta la 2.0.5.
First Time		Paragraphs Table Project Paragraphs Table Project paragraphs Table
CPE		cpe:2.3:a:paragraphs_table_project:paragraphs_table::::::drupal::*

26 Jun 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-26 14:15

Updated : 2025-07-11 14:24

NVD link : CVE-2025-6677

Mitre link : CVE-2025-6677

CVE.ORG link : CVE-2025-6677

JSON object : View

Products Affected

paragraphs_table_project

paragraphs_table

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.4 /10