Nixpkgs security tracker

Untriaged

Permalink CVE-2026-0749

created 2 months, 3 weeks ago

Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.

References

https://www.herodevs.com/vulnerability-directory/cve-2026-0749 third-party-advisory
https://d7es.tag1.com/security-advisories/form-builder-less-critical-cross-site… third-party-advisory

Affected products

Form Builder

=<7.x-1.22

Matching in nixpkgs

pkgs.drupal

Drupal CMS

nixos-unstable 11.2.1
- nixpkgs-unstable 11.2.1
- nixos-unstable-small 11.2.1
nixos-25.11 11.2.8
- nixpkgs-25.11-darwin 11.2.7

Package maintainers

@OulipianSummer Andrew Benbow <abmurrow@duck.com>
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.drupal

Package maintainers