CVE-2026-3218 PUBLISHED

Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019

Assigner: drupal
Reserved: 25.02.2026 Published: 25.03.2026 Updated: 25.03.2026

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.

Product Status

Vendor	Drupal
Product	Responsive Favicons
Versions	Default: unaffected affected from 0.0.0 to 2.0.2 (excl.)

Credits

Simon BÃ¤se (simonbaese) finder
Frank Mably (mably) remediation developer
Sean Hamlin (wiifm) remediation developer
Greg Knaddison (greggles) coordinator
Juraj Nemec (poker10) coordinator
Jess (xjm) coordinator

References

https://www.drupal.org/sa-contrib-2026-019

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") CWE

Impacts

CAPEC-63 Cross-Site Scripting (XSS)