Low severityNVD Advisory· Published Mar 31, 2025· Updated Apr 29, 2025

RapiDoc OAS Field Formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-025

CVE-2025-31696

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
drupal/rapidoc_elements_field_formatterPackagist	< 1.0.1	1.0.1

Affected products

ghsa-coords
pkg:composer/drupal/rapidoc_elements_field_formatter
Range: < 1.0.1
Drupal/RapiDoc OAS Field Formattercpe-rescue
Range: 0.0.0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-86h4-w859-3hhvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-31696ghsaADVISORY
www.drupal.org/sa-contrib-2025-025ghsaWEB

News mentions

No linked articles in our index yet.

Severity

lowFrom advisory

Numeric CVSS not yet published. Severity reported by the issuing advisory.

Affected

Source repo: git.drupalcode.org/project/rapidoc_elements_field_formatter

EPSS

Probability of exploitation in the next 30 days.

0.23%

VYPR risk score

Composite of severity, exploitation, and reach.

0.07low

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE ID

CVE-2025-31696

Credits

JZ
Joseph Zhao (pandaski)
finder
BD
Bram Driesen (bramdriesen)
coordinator
DW
Drew Webber (mcdruid)
coordinator
GK
Greg Knaddison (greggles)
coordinator
JN
Juraj Nemec (poker10)
coordinator
AE
Arlina Espinoza Rhoton (arlina)
remediation developer
BF
Benji Fisher (benjifisher)
remediation developer
LR
Lee Rowlands (larowlan)
remediation developer