Description
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.
Remediation
References
Related Vulnerabilities
Envoy Proxy Use After Free Vulnerability (CVE-2025-62504)
phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)
Liferay Portal Missing Authorization Vulnerability (CVE-2022-39975)
Apache HTTP Server Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2025-53020)