CVE-2026-3215 PUBLISHED

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS).This issue affects Islandora: from 0.0.0 before 2.17.5.

• Drew Webber (mcdruid) finder
• Joe Corall (joecorall) remediation developer
• Rosie Le Faive (rosiel) remediation developer
• Damien McKenna (damienmckenna) coordinator
• Greg Knaddison (greggles) coordinator
• Drew Webber (mcdruid) coordinator
• Juraj Nemec (poker10) coordinator
• Jess (xjm) coordinator

• https://www.drupal.org/sa-contrib-2026-016

• CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") CWE

• CAPEC-63 Cross-Site Scripting (XSS)