drupal/core Security Advisories for 10.3.10 (4)
-
[MEDIUM] Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
PKSA-s1zc-gcfk-ddw5 CVE-2025-3057 GHSA-39g6-x4x8-5jcm
Affected version: >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13
Reported by:
GitHub -
[MEDIUM] Drupal Core Vulnerable to Forceful Browsing
PKSA-s6zc-mws4-ngh4 CVE-2025-31673 GHSA-wpp8-fjgf-pwc7
Affected version: >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13
Reported by:
GitHub -
[MEDIUM] Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
PKSA-ctyc-dmct-npkz CVE-2025-31674 GHSA-2qph-q8xw-gv7q
Affected version: >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13
Reported by:
GitHub -
[LOW] Drupal Core Cross-Site Scripting (XSS) Vulnerability
PKSA-42zc-x5ss-z64p CVE-2025-31675 GHSA-m4wj-hhwj-47qp
Affected version: >=11.1.0,<11.1.5|>=11.0.0,<11.0.13|>=10.4.0,<10.4.5|>=8.0.0,<10.3.14
Reported by:
GitHub