Fluid Attacks Database

Description

Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SpamSpan filter allows Cross-Site Scripting (XSS). This issue affects SpamSpan filter: from 0.0.0 before 3.2.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	drupal/spamspan	>=0 <3.2.1	3.2.1

Aliases

1. CVE-2025-316872. NVD-2025-316873. OSV-2025-316874. GCVE-2025-316875. drupal.org

References

1. https://git.drupalcode.org/project/spamspan/-/commit/90d622211c8bb316080a3af1dcf253b0d7e90791

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.