"Ricochet has proven to be a partner that we can depend on to create and maintain a successful drupal-based CMS system. Their deep experience in drupal has allowed them to identify existing plugins and to quickly implement custom logic when required to efficiently implement our international content management workflow and site. Ricochet has shown their commitment to our success again and again, working collaboratively across our team to make it happen, and putting in the extra effort when needed to meet our business goals."
—David Saffren, Blurb.com

Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091

Wed, 2025-07-16 09:46 — Anonymous (not verified)

Project: Real-time SEO for DrupalDate: 2025-July-16Security risk: Moderately critical 14 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross-site ScriptingAffected versions: <2.2.0CVE IDs: CVE-2025-7716Description: This module enables you to analyze the content that you're authoring for a website. It shows you a preview of what a search result might look like.
The module doesn't sufficiently escape the metadata from content while rendering the preview, opening up the possibility of a XSS attack.
This vulnerability is mitigated by the fact that an attacker must be able to author content that is analyzed by the Real-Time SEO module.Solution: Install the latest version:

Upgrade to yoast_seo 8.x-2.2.

Reported By:

Pierre Rudloff (prudloff), provisional member of the Drupal Security Team.

Fixed By:

Alexander Varwijk (kingdutch)
Pierre Rudloff (prudloff), provisional member of the Drupal Security Team.

Coordinated By:

Damien McKenna (damienmckenna) of the Drupal Security Team
Greg Knaddison (greggles) of the Drupal Security Team
Pierre Rudloff (prudloff), provisional member of the Drupal Security Team
Jess (xjm) of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2025-091

Search form

Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091