Drupal · Drupal Link Field Display Mode Formatter · CVE-2025-31695
**Name of the Vulnerable Software and Affected Versions**
Drupal Link field display mode formatter versions 0.0.0 through 1.6.0
**Description**
The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), in the Drupal Link field display mode formatter. This allows for Cross-Site Scripting (XSS) attacks.
**Recommendations**
For versions 0.0.0 through 1.6.0, update to version 1.6.0 or later to resolve the issue.