CVE-2025-9550
EPSS 0.03% | Published: 8/27/2025 | Modified: 12/10/2025
Description
This module enables you to easily create and manage faceted search interfaces. The module doesn’t sufficiently filter certain user-provided text, leading to a cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer facets”.

**CVSS risk score ([experimental](https://www.drupal.org/project/securitydrupalorg/issues/3442181)) 4.8 / Medium** [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N)
Affected packages (1)
- Packagist/drupal/facets: from 0, < 2.0.10 | >= 3.0.0, < 3.0.1