Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0.
                
            Metrics
Affected Vendors & Products
References
        | Link | Providers | 
|---|---|
| https://www.drupal.org/sa-contrib-2025-073 |     | 
History
                    Thu, 17 Jul 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | 1xinternet 1xinternet simple Klaro | |
| CPEs | cpe:2.3:a:1xinternet:simple_klaro:*:*:*:*:*:drupal:*:* | |
| Vendors & Products | Klaro Klaro simple Klaro | 1xinternet 1xinternet simple Klaro | 
Tue, 15 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | epss 
 | epss 
 | 
Tue, 08 Jul 2025 21:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Klaro Klaro simple Klaro | |
| CPEs | cpe:2.3:a:klaro:simple_klaro:*:*:*:*:*:drupal:*:* | |
| Vendors & Products | Klaro Klaro simple Klaro | 
Fri, 13 Jun 2025 17:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | cvssV3_1 
 
 | 
Fri, 13 Jun 2025 15:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0. | |
| Title | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073 | |
| Weaknesses | CWE-79 | |
| References |  | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: drupal
Published: 2025-06-13T15:39:23.246Z
Updated: 2025-06-13T16:37:55.768Z
Reserved: 2025-05-28T14:59:40.500Z
Link: CVE-2025-48919
 Vulnrichment
                        Vulnrichment
                    Updated: 2025-06-13T16:37:38.300Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2025-06-13T16:15:27.177
Modified: 2025-07-17T16:04:56.913
Link: CVE-2025-48919
 Redhat
                        Redhat
                    No data.