Skip to main content

Etracker

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-48920 PHP HIGH PATCH This Week

Stored/Reflected Cross-Site Scripting (XSS) vulnerability in the Drupal etracker module that allows unauthenticated remote attackers to inject malicious scripts into web pages without requiring user interaction. The vulnerability affects etracker versions prior to 3.1.0, enabling attackers to steal session tokens, perform unauthorized actions, or redirect users to malicious sites. The CVSS 7.3 score and network-accessible attack vector indicate this is a significant vulnerability affecting any Drupal installation with the vulnerable etracker module enabled.

XSS Drupal PHP Etracker
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-48920 PHP
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stored/Reflected Cross-Site Scripting (XSS) vulnerability in the Drupal etracker module that allows unauthenticated remote attackers to inject malicious scripts into web pages without requiring user interaction. The vulnerability affects etracker versions prior to 3.1.0, enabling attackers to steal session tokens, perform unauthorized actions, or redirect users to malicious sites. The CVSS 7.3 score and network-accessible attack vector indicate this is a significant vulnerability affecting any Drupal installation with the vulnerable etracker module enabled.

XSS Drupal PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy