{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3218", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2026-02-25T17:19:35.631Z", "datePublished": "2026-03-25T15:24:55.196Z", "dateUpdated": "2026-03-26T14:42:31.151Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:24:55.196Z"}, "title": "Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019", "datePublic": "2026-02-25T18:51:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Drupal", "product": "Responsive Favicons", "collectionURL": "https://www.drupal.org/project/responsive_favicons", "repo": "https://git.drupalcode.org/project/responsive_favicons", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "2.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).<p>This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-contrib-2026-019"}], "credits": [{"lang": "en", "value": "Simon B\u00c3\u00a4se (simonbaese)", "type": "finder"}, {"lang": "en", "value": "Frank Mably (mably)", "type": "remediation developer"}, {"lang": "en", "value": "Sean Hamlin (wiifm)", "type": "remediation developer"}, {"lang": "en", "value": "Greg Knaddison (greggles)", "type": "coordinator"}, {"lang": "en", "value": "Juraj Nemec (poker10)", "type": "coordinator"}, {"lang": "en", "value": "Jess (xjm)", "type": "coordinator"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T19:58:52.195330Z", "id": "CVE-2026-3218", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T14:42:31.151Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3218", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T19:58:52.195330Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T19:59:04.392Z"}}], "cna": {"title": "Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Simon B\u00c3\u00a4se (simonbaese)"}, {"lang": "en", "type": "remediation developer", "value": "Frank Mably (mably)"}, {"lang": "en", "type": "remediation developer", "value": "Sean Hamlin (wiifm)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/responsive_favicons", "vendor": "Drupal", "product": "Responsive Favicons", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "2.0.2", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/responsive_favicons", "defaultStatus": "unaffected"}], "datePublic": "2026-02-25T18:51:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2026-019"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).<p>This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-03-25T15:24:55.196Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3218", "state": "PUBLISHED", "dateUpdated": "2026-03-26T14:42:31.151Z", "dateReserved": "2026-02-25T17:19:35.631Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-03-25T15:24:55.196Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pixelite:responsive_favicons:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "E6C717C2-41B4-47C2-925E-E8E62A04BCFE", "versionEndExcluding": "2.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site scripting') vulnerabilidad en Drupal Responsive Favicons permite cross-site scripting (XSS). Este problema afecta a Responsive Favicons: desde 0.0.0 antes de 2.0.2."}], "id": "CVE-2026-3218", "lastModified": "2026-03-31T19:25:57.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T16:16:23.050", "references": [{"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-contrib-2026-019"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.0.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "responsive_favicons", "vendor": "drupal"}], "analysis": {"en": {"generated_at": "2026-04-01T06:49:37.571551+00:00", "value": {"mitigation_remediation": ["Upgrade to Responsive Favicons version 2.0.2 or later.", "Confirm that no older versions of the module remain on the site.", "If upgrade is not immediately possible, restrict access to pages using the module until a patch is applied."], "summary": {"action": "Apply patch", "impact": "Cross\u2011site scripting"}, "threat_synthesis": {"affected_systems": "Drupal sites that have the Responsive Favicons module installed in any release earlier than 2.0.2 are impacted. This includes initial 0.0.0 through 2.0.1. Any site that is still using those versions is vulnerable.", "description_and_impact": "The module contains a cross\u2011site scripting flaw due to improper input neutralization during page rendering. An attacker could inject malicious scripts that execute in the browsers of users viewing the affected pages. This could lead to client\u2011side compromise, such as session hijacking or data theft, but the scope is limited to the user\u2019s browser. The weakness aligns with CWE\u201179.", "risk_and_exploitability": "The CVSS base score of 4.8 indicates moderate severity. The EPSS score is below 1%, and the flaw is not listed in the CISA KEV catalog, suggesting that active exploitation is currently unlikely. The likely attack vector would require a user to view a page rendered by the module or submit data that is processed by it. If the module is publicly accessible, remote exploitation is plausible, but for sites that restrict access to authenticated users, the risk decreases. The attacker would need to supply crafted input that reaches the rendering path. No exploitation prerequisites beyond typical site access are noted in the description."}}}}, "created": "2026-03-25T21:30:59.163767+00:00", "updated": "2026-04-02T07:59:08.512655+00:00", "vendors": ["drupal", "drupal$PRODUCT$responsive_favicons"]}