CVE-2026-6095

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16.

medium 6.1 CVSS 3.1
Published: May 19, 2026
Modified: May 21, 2026
Vendor: Gaya
Product: Orejime

Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS).

This issue affects Orejime: from 0.0.0 before 2.0.16.

References

Related CVEs

CVE-2025-68457 medium · 6.1
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding `javascript:` code