Drupal · Glightbox · CVE-2025-48922
Name of the Vulnerable Software and Affected Versions:
GLightbox versions 0.0.0 through 1.0.15
Description:
The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), in Drupal GLightbox. This allows for Cross-Site Scripting (XSS) attacks.
Recommendations:
For GLightbox versions 0.0.0 through 1.0.15, update to version 1.0.16 or later to resolve the issue.