
CVE-2025-48447: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Lightgallery

Severity: High
Tags: vulnerability, cve-2025-48447, cwe-79
Published: Wed Jun 11 2025 (06/11/2025, 14:37:45 UTC)
Source: CVE Database V5
Vendor/Project: Drupal
Product: Lightgallery

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.

AI-Powered Analysis

Last updated: 07/12/2025, 08:01:30 UTC

Technical Analysis

CVE-2025-48447 is a cross-site scripting (XSS) vulnerability in the Drupal Lightgallery contributed module. The CVE record gives the affected range as from 0.0.0 before 1.6.0, so every release prior to 1.6.0 is affected and 1.6.0 is the first release outside the range. The weakness is CWE-79: input supplied to the module reaches the generated page without being neutralized. This analysis rates it with the CVSS v3.1 vector AV:N/AC:L/PR:L/UI:N/S:U and a base score of 7.1: exploitable over the network with low attack complexity by an authenticated, low-privileged user, with no interaction required from the victim, which is consistent with a stored XSS in which injected markup is rendered to everyone who views the affected page. Note that the CVE record itself carries no CVSS entry (the Technical Details below list the CVSS version as null), so this score is the analysis's estimate rather than a value published by the assigner. On that vector the impact falls on integrity and availability rather than confidentiality: page content or behaviour can be altered (defacement, actions performed in the victim's browser, scripts that break the page). Treat the confidentiality rating as a lower bound, since any session cookie or token reachable from the page by script would be exposed as well. The scope is unchanged (S:U), meaning the vulnerable and impacted components are the same. At the time of analysis no exploitation in the wild had been reported and no patch reference was linked in the record, although the affected range implies the fix ships in 1.6.0. The CVE was reserved on May 21, 2025 and published on June 11, 2025.

Potential Impact

For European organizations running Drupal with the Lightgallery module, the practical risk is that a low-privileged account (for example, a compromised or malicious content contributor) can plant script in gallery markup that then executes in the browsers of everyone who views the page. Depending on what that page can reach, this means unauthorized actions performed on behalf of users, defacement of public-facing websites, or disruption of the affected pages. Drupal is widely deployed across government, education and private enterprise in Europe, so the exposed population is broad. Targeted portals could suffer reputational damage, loss of user trust and regulatory consequences under GDPR if personal data is exposed or altered as a result. Because no interaction beyond viewing the page is required, a single injected payload can affect many visitors, and the low-privilege requirement means that account compromise or insider misuse, not administrative access, is enough to reach the vulnerable path.

Mitigation Recommendations

European organizations should audit their Drupal installations for the Lightgallery module and record the installed version; for Composer-managed sites composer.lock is the authoritative source, otherwise check the module's info file. The CVE description gives the affected range as before 1.6.0, so updating Lightgallery to 1.6.0 or later is the fix: apply it promptly, and where the module is not essential, uninstall it rather than leaving it disabled on disk. Where an immediate update is not possible: restrict the roles that can create or edit the content Lightgallery renders, since only a low-privileged account is needed to exploit the flaw; deploy a strict Content Security Policy (script-src limited to self and trusted hosts, without unsafe-inline) to limit what an injected script can do, keeping in mind that CSP reduces impact but does not remove the injection; and use a web application firewall with rules for common XSS payloads as a stop-gap, accepting that WAF rules are bypassable and not a substitute for the update. Monitor application and web server logs for script tags, event-handler attributes or javascript: URIs in fields that feed gallery markup in order to detect attempts. Finally, training developers on Drupal's output escaping (render arrays, Twig autoescaping, and the core Xss and Html utility classes) prevents the same class of bug in custom code.
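The audit step above can be scripted. The following is an added example, not code from the advisory or from the Drupal project: it reads the installed drupal/lightgallery version from composer.lock (falling back to a line-based read of lightgallery.info.yml for non-Composer installs), normalizes Drupal version strings such as 8.x-1.5 or v1.5.2, and reports whether the version falls inside the affected range (before 1.6.0) stated in the CVE description. The site layout (composer.lock at the root, module under web/modules/contrib/lightgallery), the function names and the embedded sample lock file are assumptions made for the example.

```python
"""Audit a Drupal codebase for the Lightgallery range affected by
CVE-2025-48447 (from 0.0.0 before 1.6.0).

Added example, not part of the advisory or of the Drupal project.
Paths, helper names and the sample lock file below are assumptions."""
import json
import re
from pathlib import Path
from typing import Optional

PACKAGE = "drupal/lightgallery"
FIXED_IN = (1, 6, 0)  # first version outside the affected range, per the CVE description


def normalize_version(raw: str) -> Optional[tuple]:
    """Turn a Drupal-style version string into a comparable (major, minor, patch) tuple.

    Handles Packagist style ('1.5.2', 'v1.5.2') and legacy info.yml style ('8.x-1.5').
    Dev branches ('1.x-dev', 'dev-1.x') cannot be ordered and yield None.
    (Assumption: these are the forms found in practice.)"""
    v = raw.strip()
    v = re.sub(r"^\d+\.x-", "", v)  # drop the '8.x-' core-compatibility prefix
    v = v.lstrip("v")
    if "dev" in v:
        return None
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(raw: str) -> Optional[bool]:
    """True if the version is in [0.0.0, 1.6.0), False if at or above 1.6.0, None if unknown."""
    t = normalize_version(raw)
    if t is None:
        return None
    return t < FIXED_IN


def version_from_composer_lock(lock_text: str) -> Optional[str]:
    """Return the version of drupal/lightgallery recorded in composer.lock, if present."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == PACKAGE:
                return pkg.get("version")
    return None


def version_from_info_yml(info_text: str) -> Optional[str]:
    """Fallback for non-Composer installs: read 'version:' from lightgallery.info.yml.

    Line-based on purpose so the script needs no YAML dependency."""
    for line in info_text.splitlines():
        m = re.match(r"^\s*version\s*:\s*['\"]?([^'\"#]+?)['\"]?\s*(#.*)?$", line)
        if m:
            return m.group(1).strip()
    return None


def audit_site(root: Path) -> dict:
    """Check one site root and return the version found, where it came from, and a verdict.

    Assumed layout: composer.lock at the root, module at web/modules/contrib/lightgallery."""
    version, source = None, None
    lock_path = root / "composer.lock"
    if lock_path.is_file():
        version = version_from_composer_lock(lock_path.read_text())
        source = str(lock_path)
    if version is None:
        info_path = root / "web" / "modules" / "contrib" / "lightgallery" / "lightgallery.info.yml"
        if info_path.is_file():
            version = version_from_info_yml(info_path.read_text())
            source = str(info_path)
    return {
        "version": version,
        "source": source,
        "affected": None if version is None else is_affected(version),
    }


# Constructed sample composer.lock content (not a real site) for a stand-alone run.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.3.1"},
        {"name": "drupal/lightgallery", "version": "1.5.0"},
    ],
    "packages-dev": [],
})


if __name__ == "__main__":
    found = version_from_composer_lock(SAMPLE_COMPOSER_LOCK)
    print(f"{PACKAGE} {found}: affected={is_affected(found)}")
    print(audit_site(Path(".")))
```

Run it from the site root to get a verdict for that site; a result of None for `affected` means the version could not be determined (dev branch or module not found) and should be checked by hand rather than treated as safe.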


Technical Details

Data Version: 5.1
Assigner Short Name: drupal
Date Reserved: 2025-05-21T16:25:07.435Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6849989023110031d4102824

Added to database: 6/11/2025, 2:54:08 PM

Last enriched: 7/12/2025, 8:01:30 AM

Last updated: 8/10/2025, 2:20:00 AM

