CVE-2026-0749
MEDIUMDrupal Form Builder 7.x-1.0-7.x-1.22 - Cross-Site Scripting
Title source: llmDescription
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://www.herodevs.com/vulnerability-directory/cve-2026-0749
Various Sources third-party-advisory
https://d7es.tag1.com/security-advisories/form-builder-less-critical-cross-site-scripting
Scores
CVSS v3
6.1
EPSS
0.0020
EPSS Percentile
10.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
silence/form_builder
7.x-1.0 - 7.x-1.22
Published
Jan 28, 2026
Tracked Since
Feb 18, 2026