Drupal · Drupal Bootstrap Site Alert · CVE-2025-3901
**Name of the Vulnerable Software and Affected Versions**
Drupal Bootstrap Site Alert versions 0.0.0 through 1.12.0
Drupal Bootstrap Site Alert versions 3.0.0 through 3.0.3
**Description**
The issue affects Drupal Bootstrap Site Alert, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. This enables attackers to inject malicious scripts into web pages.
**Recommendations**
For versions 0.0.0 through 1.12.0, update to version 1.13.0 or later.
For versions 3.0.0 through 3.0.3, update to version 3.0.4 or later.