What is CVE-2022-25276?

CVE-2022-25276 is a vulnerability in Drupal Core. Published 2023-04-26.

Is CVE-2022-25276 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Drupal Core

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cook…

EPSS: 0.018 (83.3th percentile) — read the EPSS interpretation.

Affected products

Drupal Core — versions 9.4, 9.3

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection

References

www.drupal.org/sa-core-2022-015

Frequently asked questions

What is CVE-2022-25276?: CVE-2022-25276 is a vulnerability in Drupal Core. Published 2023-04-26.
Is CVE-2022-25276 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.