6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-31696

CVE-2025-31696: Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS). This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-31696

CVE-2025-31696:

6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
drupal/rapidoc_elements_field_formatter	composer	< 1.0.1	1.0.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper sanitization of link attributes in field formatter output. As this is a field formatter module, the primary suspect is the viewElements method of the formatter plugin class responsible for rendering field values. Drupal's security advisory explicitly states the module required updates to properly handle core's link attribute sanitization, indicating the vulnerability exists in the field rendering workflow. The viewElements method would be the execution point where untrusted link attributes enter the rendering pipeline without adequate validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-31696: Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability

CVE-2025-31696:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

6.1

6.1

Technical Details

CVE-2025-31696: Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI