Security Advisory

CVE-2025-14556

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-14 18:38:21
Last updated 2026-01-14 19:16:19
Assigner drupal
State PUBLISHED

Description

Improper Neutralization of Input During Web Page Generation (XSS or Cross-site Scripting) vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.