CVE-2025-6677: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Paragraphs table
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5.
AI Analysis
Technical Summary
CVE-2025-6677 is a high-severity Cross-Site Scripting (XSS) vulnerability identified in the Drupal Paragraphs module, specifically affecting the Paragraphs table component versions from 2.0.0 up to but not including 2.0.5. The vulnerability is classified under CWE-79, which involves improper neutralization of input during web page generation. This flaw allows an attacker to inject malicious scripts into web pages generated by the vulnerable Drupal module. When a user visits a compromised page, the injected script executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS v3.1 base score of 7.1 reflects a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact primarily affects confidentiality (C:H), with limited integrity impact (I:L) and no availability impact (A:N). No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that organizations using affected versions should prioritize mitigation. The vulnerability arises from insufficient sanitization or encoding of user-supplied input before rendering it in the Paragraphs table, a common Drupal content structuring feature. This flaw can be exploited remotely by unauthenticated attackers, making it a significant risk for websites relying on this module for content management and display.
Potential Impact
For European organizations, this vulnerability poses a substantial risk, especially for those using Drupal-based websites with the Paragraphs module version 2.0.0 to 2.0.4. Exploitation could lead to unauthorized disclosure of sensitive information, including user credentials and session tokens, potentially facilitating further attacks such as account takeover or data breaches. Given the widespread use of Drupal in government, education, and enterprise sectors across Europe, the impact could extend to critical public-facing services and private sector platforms. The confidentiality breach could undermine user trust and lead to regulatory penalties under GDPR due to inadequate protection of personal data. Additionally, the integrity impact, though limited, could allow attackers to manipulate displayed content, potentially spreading misinformation or phishing content. The absence of availability impact means service disruption is unlikely, but the reputational damage and compliance risks remain significant. Organizations with high-traffic websites or those handling sensitive user data should consider this vulnerability a priority for remediation to avoid exploitation.
Mitigation Recommendations
Organizations should immediately identify all Drupal installations using the Paragraphs module, specifically versions 2.0.0 through 2.0.4. Until an official patch is released, implement the following mitigations: 1) Apply strict Content Security Policy (CSP) headers to restrict script execution and reduce the impact of injected scripts. 2) Employ web application firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting the Paragraphs table. 3) Conduct thorough input validation and output encoding on any user-generated content rendered via the Paragraphs module, potentially using Drupal's built-in sanitization APIs as a temporary workaround. 4) Monitor web server and application logs for unusual requests or script injection attempts. 5) Educate site administrators and content editors about the risk of XSS and encourage cautious handling of user input. Once Drupal releases an official patch or module update, prioritize applying it promptly. Additionally, review and enhance incident response plans to address potential exploitation scenarios involving XSS attacks.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy, Spain, Poland
CVE-2025-6677: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Paragraphs table
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5.
AI-Powered Analysis
Technical Analysis
CVE-2025-6677 is a high-severity Cross-Site Scripting (XSS) vulnerability identified in the Drupal Paragraphs module, specifically affecting the Paragraphs table component versions from 2.0.0 up to but not including 2.0.5. The vulnerability is classified under CWE-79, which involves improper neutralization of input during web page generation. This flaw allows an attacker to inject malicious scripts into web pages generated by the vulnerable Drupal module. When a user visits a compromised page, the injected script executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS v3.1 base score of 7.1 reflects a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact primarily affects confidentiality (C:H), with limited integrity impact (I:L) and no availability impact (A:N). No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that organizations using affected versions should prioritize mitigation. The vulnerability arises from insufficient sanitization or encoding of user-supplied input before rendering it in the Paragraphs table, a common Drupal content structuring feature. This flaw can be exploited remotely by unauthenticated attackers, making it a significant risk for websites relying on this module for content management and display.
Potential Impact
For European organizations, this vulnerability poses a substantial risk, especially for those using Drupal-based websites with the Paragraphs module version 2.0.0 to 2.0.4. Exploitation could lead to unauthorized disclosure of sensitive information, including user credentials and session tokens, potentially facilitating further attacks such as account takeover or data breaches. Given the widespread use of Drupal in government, education, and enterprise sectors across Europe, the impact could extend to critical public-facing services and private sector platforms. The confidentiality breach could undermine user trust and lead to regulatory penalties under GDPR due to inadequate protection of personal data. Additionally, the integrity impact, though limited, could allow attackers to manipulate displayed content, potentially spreading misinformation or phishing content. The absence of availability impact means service disruption is unlikely, but the reputational damage and compliance risks remain significant. Organizations with high-traffic websites or those handling sensitive user data should consider this vulnerability a priority for remediation to avoid exploitation.
Mitigation Recommendations
Organizations should immediately identify all Drupal installations using the Paragraphs module, specifically versions 2.0.0 through 2.0.4. Until an official patch is released, implement the following mitigations: 1) Apply strict Content Security Policy (CSP) headers to restrict script execution and reduce the impact of injected scripts. 2) Employ web application firewalls (WAFs) with custom rules to detect and block typical XSS payloads targeting the Paragraphs table. 3) Conduct thorough input validation and output encoding on any user-generated content rendered via the Paragraphs module, potentially using Drupal's built-in sanitization APIs as a temporary workaround. 4) Monitor web server and application logs for unusual requests or script injection attempts. 5) Educate site administrators and content editors about the risk of XSS and encourage cautious handling of user input. Once Drupal releases an official patch or module update, prioritize applying it promptly. Additionally, review and enhance incident response plans to address potential exploitation scenarios involving XSS attacks.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- drupal
- Date Reserved
- 2025-06-25T17:59:56.089Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 685d5007ca1063fb8741d93d
Added to database: 6/26/2025, 1:49:59 PM
Last enriched: 6/26/2025, 2:05:51 PM
Last updated: 8/15/2025, 1:43:09 AM
Views: 35
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.