CVE-2025-3733

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://www.drupal.org/sa-contrib-2025-034	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:baguettebox.js_project:baguettebox.js::::::drupal::*
	cpe:2.3:a:baguettebox.js_project:baguettebox.js:3.0.0:::::drupal::

History

02 Sep 2025, 18:38

Type	Values Removed	Values Added
First Time		Baguettebox.js Project baguettebox.js Baguettebox.js Project
CPE		cpe:2.3:a:baguettebox.js_project:baguettebox.js:3.0.0:::::drupal:: cpe:2.3:a:baguettebox.js_project:baguettebox.js::::::drupal::*
Summary		(es) La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Drupal baguetteBox.Js permite Cross-Site Scripting (XSS). Este problema afecta a baguetteBox.Js: desde la versión 0.0.0 hasta la 2.0.4, desde la versión 3.0.0 hasta la 3.0.1.
References	~~() https://www.drupal.org/sa-contrib-2025-034 -~~	() https://www.drupal.org/sa-contrib-2025-034 - Third Party Advisory

16 Apr 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

16 Apr 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-16 17:15

Updated : 2025-09-02 18:38

NVD link : CVE-2025-3733

Mitre link : CVE-2025-3733

CVE.ORG link : CVE-2025-3733

JSON object : View

Products Affected

baguettebox.js_project

baguettebox.js

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.5 /10