PT-2026-22090 · Drupal · Responsive Favicons
Frank Mably
Published: 2026-02-25 · Updated: 2026-03-30
CVE-2026-3218
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Drupal Responsive Favicons versions prior to 2.0.2
Description
A flaw exists in the Drupal Responsive Favicons module where administrator-entered text is not properly filtered, leading to a Cross-Site Scripting (XSS) issue. An attacker must possess the 'administer responsive favicons' permission to exploit this. The module adds favicons generated by realfavicongenerator.net to a Drupal site. The vulnerability is a type of Improper Neutralization of Input During Web Page Generation.
Recommendations
Update to version 2.0.2 or later.
Fix
XSS
Affected Products
Responsive Favicons
Drupal/Responsive Favicons