Drupal 7 core’s Overlay module doesn’t safely handle user input, leading to reflected cross-site scripting under certain circumstances.
Only sites with the Overlay module enabled are affected by this vulnerability.
Install the latest version:
If you are using Drupal 7, update to Drupal 7.102.
Sites may also disable the Overlay module to avoid the issue.
Drupal 10 and Drupal 11 are not affected, as the Overlay module was removed from Drupal core in Drupal 8.
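The two conditions above (core older than 7.102 and Overlay enabled) can be checked per site. The script below is an added example, not part of the advisory or of Drupal itself. It assumes the usual Drupal 7 layout: the core version in the `define('VERSION', ...)` line of `includes/bootstrap.inc`, and module state in the `system` table. The bootstrap snippet and the in-memory database are constructed samples.

```python
import re
import sqlite3

FIXED_MINOR = 102  # the advisory's fixed release is Drupal 7.102

# Constructed sample of the VERSION line in a Drupal 7 includes/bootstrap.inc.
SAMPLE_BOOTSTRAP = """<?php
/**
 * The current system version.
 */
define('VERSION', '7.101');
"""

def core_version(bootstrap_text):
    """Return (major, minor, suffix) from define('VERSION', 'x.y...'), or None."""
    m = re.search(r"define\(\s*'VERSION'\s*,\s*'(\d+)\.(\d+)([^']*)'", bootstrap_text)
    return (int(m.group(1)), int(m.group(2)), m.group(3)) if m else None

def overlay_enabled(conn):
    """True when the system table marks the overlay module as enabled."""
    row = conn.execute(
        "SELECT status FROM system WHERE name = 'overlay' AND type = 'module'"
    ).fetchone()
    return bool(row and row[0] == 1)

def triage(bootstrap_text, conn):
    """Classify one site against the advisory's two conditions."""
    version = core_version(bootstrap_text)
    if version is None:
        return "unknown: VERSION not found"
    major, minor, suffix = version
    if major != 7:
        return "out of scope: not Drupal 7"
    if suffix:  # e.g. a '-dev' checkout: cannot be mapped to a fixed release
        return "unknown: non-release build 7.%d%s" % (minor, suffix)
    if minor >= FIXED_MINOR:
        return "not affected: 7.%d is at or above 7.%d" % (minor, FIXED_MINOR)
    if not overlay_enabled(conn):
        return "not exposed: Overlay disabled, still update to 7.%d" % FIXED_MINOR
    return "affected: 7.%d with Overlay enabled" % minor

def sample_db(status):
    """Constructed stand-in for a site database holding only the overlay row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE system (name TEXT, type TEXT, status INTEGER)")
    conn.execute("INSERT INTO system VALUES ('overlay', 'module', ?)", (status,))
    return conn

if __name__ == "__main__":
    print(triage(SAMPLE_BOOTSTRAP, sample_db(1)))
```
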
Greg Knaddison of the Drupal Security Team
Matthew Grill
Wim Leers
Drew Webber of the Drupal Security Team
Ra Mänd
Fabian Franz
Juraj Nemec of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
xjm of the Drupal Security Team