CVE-2025-47705

Summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through 1.2.

Affected Software

VendorProductVersion RangeStatus
DrupalIFrame Remove Filter7.x-1.0 <= 7.x-1.5affected
DrupalIFrame Remove Filter1.0 <= 1.2affected
DrupalIFrame Remove Filter2.0.0 < 2.0.5affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References