Untriaged
CVE-2025-12116
6.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Activity log
- Created suggestion
Drift <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title
The Drift theme for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected products
Drift
- =<1.5.0
Matching in nixpkgs
pkgs.driftctl
Detect, track and alert on infrastructure drift
pkgs.driftnet
Watches network traffic, and picks out and displays JPEG and GIF images for display
pkgs.vdrift-bin
Car racing game
- nixos-unstable 2021-09-05
- nixpkgs-unstable 2021-09-05
- nixos-unstable-small 2021-09-05
- nixos-25.11 2021-09-05
- nixos-25.11-small 2021-09-05
- nixpkgs-25.11-darwin 2021-09-05
pkgs.haskellPackages.drifter
Simple schema management for arbitrary databases
Package maintainers
- @06kellyjac Jack <hello+nixpkgs@j-k.io>
- @KAction Dmitry Bogatov <KAction@disroot.org>
- @qjoly Quentin JOLY <github@une-pause-cafe.fr>
- @offlinehacker Jaka Hudoklin <jaka@x-truder.net>