CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-14556

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.5%

CVSS Severity

CVSS v3 Score 5.4

References

https://d7es.tag1.com/security-advisories/flag-moderately-critical-cross-site-scripting-backdrop-sa-contrib-2025-011
https://www.herodevs.com/vulnerability-directory/cve-2025-14556

Products affected by CVE-2025-14556

Flag Module Project » Flag » Version: 7.x-3.0

cpe:2.3:a:flag_module_project:flag:7.x-3.0
Flag Module Project » Flag » Version: 7.x-3.1

cpe:2.3:a:flag_module_project:flag:7.x-3.1
Flag Module Project » Flag » Version: 7.x-3.2

cpe:2.3:a:flag_module_project:flag:7.x-3.2
Flag Module Project » Flag » Version: 7.x-3.3

cpe:2.3:a:flag_module_project:flag:7.x-3.3
Flag Module Project » Flag » Version: 7.x-3.4

cpe:2.3:a:flag_module_project:flag:7.x-3.4
Flag Module Project » Flag » Version: 7.x-3.5

cpe:2.3:a:flag_module_project:flag:7.x-3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-14556

Products

Pricing

Contact Us