Date: 
2025-January-22
Vulnerability: 
Cross Site Scripting
Affected versions: 
<1.0.4
CVE IDs: 
CVE-2025-31679
Description: 

This module enables you to render error pages using the Ignition package.

The module disables certain Drupal core code and does not perform sufficient filtering, allowing HTML to be injected in certain situations leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that this module is for development purposes and is not intended to be installed on production environments.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: