Drupal · Responsive Favicons · CVE-2026-3218
**Name of the Vulnerable Software and Affected Versions**
Drupal Responsive Favicons versions prior to 2.0.2
**Description**
The Drupal Responsive Favicons module, which adds favicons generated by `realfavicongenerator.net` to a Drupal site, does not properly filter administrator-entered text, leading to a Cross-Site Scripting (XSS) issue. An attacker must possess the 'administer responsive favicons' permission to exploit this. The vulnerability is classified as Improper Neutralization of Input During Web Page Generation.
**Recommendations**
Update to version 2.0.2 or later.