CVE-2025-3733

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://www.drupal.org/sa-contrib-2025-034	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:baguettebox.js_project:baguettebox.js::::::drupal::*
	cpe:2.3:a:baguettebox.js_project:baguettebox.js:3.0.0:::::drupal::

History

No history.

Information

Published : 2025-04-16 17:15

Updated : 2025-09-02 18:38

NVD link : CVE-2025-3733

Mitre link : CVE-2025-3733

CVE.ORG link : CVE-2025-3733

JSON object : View

Products Affected

baguettebox.js_project

baguettebox.js

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.5 /10