Skip to main content

Mother May I

1 CVEs product

Monthly

CVE-2026-11913 PHP CRITICAL Act Now

Stored/reflected cross-site scripting (CWE-79) affects the Drupal contributed module 'Mother May I' across all released versions (*.*), letting attackers inject script that executes in the browser context of other Drupal users. Because the module is a Drupal add-on rather than core, exposure is limited to sites that have installed it, and no public exploit has been identified. EPSS is low (0.15%, 5th percentile) and the flaw is not on the CISA KEV list, indicating no known active exploitation despite the vendor-assigned 9.8 rating.

XSS Mother May I
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Stored/reflected cross-site scripting (CWE-79) affects the Drupal contributed module 'Mother May I' across all released versions (*.*), letting attackers inject script that executes in the browser context of other Drupal users. Because the module is a Drupal add-on rather than core, exposure is limited to sites that have installed it, and no public exploit has been identified. EPSS is low (0.15%, 5th percentile) and the flaw is not on the CISA KEV list, indicating no known active exploitation despite the vendor-assigned 9.8 rating.

XSS Mother May I
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy