Detections
Analytics
Drupal 10.3.x < 10.3.14 / 10.4.x < 10.4.5 / 11.x < 11.0.13 / 11.1.x < 11.1.5 Drupal Vulnerability (SA-CORE-2025-004)
high Nessus Plugin ID 232982
Language:
Synopsis
A PHP application running on the remote web server is affected by a vulnerability.Description
According to its self-reported version, the instance of Drupal running on the remote web server is 10.3.x prior to 10.3.14, 10.4.x prior to 10.4.5, 11.x prior to 11.0.13, or 11.1.x prior to 11.1.5. It is, therefore, affected by a vulnerability.- Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross Site Scripting vulnerability (XSS). This vulnerability is mitigated by that fact that an attacker would need to have the ability to add specific attributes to a Link field, which typically requires edit access via core web services, or a contrib or custom module. Sites with the Link module disabled or that do not use any link fields are not affected. (SA-CORE-2025-004)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Drupal version 10.3.14 / 10.4.5 / 11.0.13 / 11.1.5 or later.See Also
https://www.drupal.org/sa-core-2025-004
https://www.drupal.org/project/drupal/releases/10.3.14
https://www.drupal.org/project/drupal/releases/10.4.5
Plugin Details
Severity: High
ID: 232982
File Name: drupal_11_1_5.nasl
Version: 1.1
Type: remote
Family: CGI abuses
Published: 3/20/2025
Updated: 3/20/2025
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:drupal:drupal
Required KB Items: Settings/ParanoidReport, installed_sw/Drupal
Exploit Ease: No known exploits are available
Patch Publication Date: 3/19/2025
Vulnerability Publication Date: 3/19/2025