Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084

Project: Paragraphs tableDate: 2025-June-25Security risk: Moderately critical 13 ∕ 25 AC:None/A:Admin/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingAffected versions: >=2.0.0 <2.0.5CVE IDs: CVE-2025-6677Description: Project Paragraphs table provides a field for a collection table.
The module doesn't sufficiently sanitise certain data attributes allowing Cross Site Scripting (XSS) attacks.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to enter HTML tags containing specific data attributes.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2025-084