Drupal · Drupal Etracker · CVE-2025-48920
**Name of the Vulnerable Software and Affected Versions**
Drupal etracker versions 0.0.0 through 3.0.x
**Description**
The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows an attacker to perform Cross-Site Scripting (XSS) attacks.
**Recommendations**
For versions 0.0.0 through 3.0.x, update to version 3.1.0 or later to resolve the issue.